VDB
CVE-2024-44087
CVE-2024-44087
PUBLISHED
CVSS 8.600000381469727 HIGH
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
EPSS 13.79% · 94.4th percentile
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
13.79%
94.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Automation License Manager V6.0 | 0, 0, 0 |
| siemens | automation_license_manager | 5.0, 5.0, 5.0 |
| Siemens | Automation License Manager V6.2 | 0, 0, 0 |
| Siemens | Automation License Manager V5 | 0, 0, 0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-44087 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-103653.html (circl)
Timeline
- Sep 10, 2024 CVE Published
- Sep 10, 2024 PoC Published
- Sep 11, 2024 EPSS Score
- Oct 1, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 21, 2024 EPSS Score
- Nov 29, 2024 EPSS Score
- Dec 20, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 29, 2025 EPSS Score
- Feb 18, 2025 EPSS Score
- Mar 29, 2025 EPSS Score