Main Vulnerability Database Vulnerabilities #VU14417

#VU14417 Relative path traversal in Siemens Automation License Manager - CVE-2018-11455

Published: August 14, 2018 / Updated: August 15, 2018

Vulnerability identifier: #VU14417

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-11455

CWE-ID: CWE-23

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Siemens Automation License Manager

Software vendor:
Siemens

Description

The vulnerability allows a remote attacker to conduct directory traversal attack on the target system.

The vulnerability exists due to relative path traversal. A remote unauthenticated attacker can trick the victim into visiting a specially crafted website, move arbitrary files to conduct path traversal attack and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Update to version 6.0.1.

External links

https://cert-portal.siemens.com/productcert/pdf/ssa-920962.pdf