Siemens Automation License Manager 5.x < 18.104.22.168 Multiple Vulnerabilities
High Nessus Plugin ID 112123
SynopsisThe remote host has software installed that is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities :
- A user-input validation error exists that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is required for this attack. (CVE-2018-11455)
- A user-input validation error exists that could allow an attacker to use the target as a port- scanning proxy. (CVE-2018-11456)
SolutionUpgrade to Siemens Automation License Manager 5.3+SP4+Upd4 (22.214.171.124) or later.