CVE-2011-4529

Name of the Vulnerable Software and Affected Versions Siemens Automation License Manager versions 4.0 through 5.1+SP1+Upd1

Description The issue allows remote attackers to execute arbitrary code due to multiple buffer overflows. This can be achieved by sending a long serialid field in a licensekey command. The commands check licensekey and read licensekey are specifically mentioned as vulnerable to this issue.

Recommendations For versions 4.0 through 5.1+SP1+Upd1, consider disabling the check licensekey and read licensekey commands until a patch is available to prevent exploitation. Restrict access to the licensekey command to minimize the risk of arbitrary code execution. Avoid using long serialid fields in the licensekey command until the issue is resolved.