Siemens Automation License Manager 5.x < 220.127.116.11 Multiple Vulnerabilities
High Nessus Plugin ID 112123
SynopsisThe remote host has software installed that is affected by multiple vulnerabilities.
DescriptionThe remote host has a version of Siemens Automation License Manager installed that is affected by the following vulnerabilities :
- A user-input validation error exists that allows a directory traversal attack. This could allow, among other actions, code execution. User interaction is required for this attack. (CVE-2018-11455)
- A user-input validation error exists that could allow an attacker to use the target as a port- scanning proxy. (CVE-2018-11456)
SolutionUpgrade to Siemens Automation License Manager 5.3+SP4+Upd4 (18.104.22.168) or later.