CVE-2024-44087 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-44087 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.

EPSS 13.79% · 94.2th percentile

Risk Scores

CVSS v3.1

8.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

EPSS Score

13.79%

94.2th percentile

Affected Products

Vendor	Product	Versions
Siemens	Automation License Manager V6.0	0, 0, 0
siemens	automation_license_manager	5.0, 5.0, 5.0
Siemens	Automation License Manager V6.2	0, 0, 0
Siemens	Automation License Manager V5	0, 0, 0

Timeline

Sep 10, 2024 CVE Published
Sep 10, 2024 CVE Updated
Sep 10, 2024 PoC Published
Sep 11, 2024 EPSS Score
Sep 30, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 20, 2024 EPSS Score
Nov 27, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 6, 2025 EPSS Score
Jan 25, 2025 EPSS Score
Feb 13, 2025 EPSS Score

References

Open in Interactive Console →