4 matches found
Remote code execution
A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4. The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended roo...
CVE-2022-43513
A vulnerability has been identified in Automation License Manager V5 All versions, Automation License Manager V6 All versions V6.0 SP9 Upd4, TeleControl Server Basic V3 All versions V3.1.2. The affected components allow to rename license files with user chosen input without authentication. This...
CVE-2022-43513
Siemens Automation License Manager and TeleControl Server Basic are affected by CVE-2022-43513 (and related CVEs). The root cause is external control of file name or path: input provided by unauthenticated users can rename and move license files as SYSTEM, enabling file operations outside the int...
Siemens Automation License Manager
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...