Siemens Automation License Manager 'almaxcx.dll' ActiveX Arbitrary File Overwrite Vulnerability

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an ActiveX control that is affected by an
arbitrary file overwrite vulnerability.

Description :

The remote host has the almaxcx.dll ActiveX control installed, which
is affected by an arbitrary file overwrite vulnerability. The flaw can
be triggered by passing an absolute path to the control's Save() method
from a specially crafted HTML document.

See also :

http://www.nessus.org/u?177b6448

Solution :

Upgrade to Siemens Automation License Manager 5.1+SP1+Upd3 or higher.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: SCADA

Nessus Plugin ID: 63429

Bugtraq ID: 50831

CVE ID: CVE-2011-4532
