CVE-2011-4531

Name of the Vulnerable Software and Affected Versions Siemens Automation License Manager (ALM) versions 4.0 through 5.1+SP1+Upd1

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and daemon crash. This can be achieved via crafted content in a (1) get target ocx param or (2) send target ocx param command.

Recommendations For versions 4.0 through 5.1+SP1+Upd1, consider restricting access to the get target ocx param and send target ocx param commands until a patch is available. As a temporary workaround, disabling these commands can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.