Successful exploitation requires a network connection. This allows the attacker to do basic network scanning using the victim’s machine. 3.2.2 IMPROPER INPUT VALIDATION CWE-20Īn attacker with network access to the device could send specially crafted network packets to determine whether a network port on another remote system is accessible. A CVSS v3 base score of 8.8 has been calculated the CVSS vector string is ( AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The attacker does not need privileges or special conditions, but user interaction is required.ĬVE-2018-11455 has been assigned to this vulnerability. Successful exploitation requires a network connection to the affected device. Automation License Manager 6: All versions prior to 6.0.1 (only affected by CVE-2018-11455).ģ.2 VULNERABILITY OVERVIEW 3.2.1 RELATIVE PATH TRAVERSAL CWE-23Ī directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising system confidentiality, integrity, and availability.Automation License Manager 5: All versions prior to 5.3.4.4, and. ![]() TECHNICAL DETAILS 3.1 AFFECTED PRODUCTSĪccording to Siemens, the following products are affected: ![]() Successful exploitation of these vulnerabilities could allow remote code execution or allow an attacker to determine port status on another remote system. Vulnerabilities: Relative Path Traversal, Improper Input Validation.ATTENTION: Exploitable remotely/low skill level to exploit.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |