CVE-2024-44087

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-103653.html

Configurations

No configuration.

History

13 May 2025, 10:15

Type	Values Removed	Values Added
Summary	(en) A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.	(en) A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.

10 Sep 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad en Automation License Manager V5 (todas las versiones), Automation License Manager V6.0 (todas las versiones), Automation License Manager V6.2 (todas las versiones < V6.2 Upd3). Las aplicaciones afectadas no validan correctamente ciertos campos en los paquetes de red entrantes en el puerto 4410/tcp. Esto podría permitir que un atacante remoto no autenticado provoque un desbordamiento de enteros y el bloqueo de la aplicación. Esta condición de denegación de servicio podría impedir que los usuarios legítimos utilicen productos posteriores que dependan de la aplicación afectada para la verificación de la licencia.

10 Sep 2024, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 10:15

Updated : 2025-05-13 10:15

NVD link : CVE-2024-44087

Mitre link : CVE-2024-44087

CVE.ORG link : CVE-2024-44087

JSON object : View

Products Affected

No product.

CWE

CWE-190

Integer Overflow or Wraparound

8.6 /10