TCP: Siemens Automation License Manager almsrv64x.exe Integer Overflow

This signature detects attempts to exploit a known vulnerability in Siemens Automation License Manager. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the Siemens Automation License Manager.

Extended Description

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.

References

CVE: CVE-2024-44087

Short Name: TCP:C2S:SIEMENS-AUTO-OVRFLOW
Severity: Major
Recommended: False
Recommended Action: None
Category: TCP
Keywords: Automation CVE-2024-44087 Integer License Manager Overflow Siemens almsrv64x.exe
Release Date: 10/24/2024
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3752
Port: TCP/4410
False Positive: Occasionally
