CVE-2011-4530

Name of the Vulnerable Software and Affected Versions Siemens Automation License Manager (ALM) versions 4.0 through 5.1+SP1+Upd1

Description The issue allows remote attackers to cause a denial of service, resulting in an exception and daemon crash, by sending long fields to specific functions. This can be achieved by sending long fields to the open session->workstation->NAME or grant->VERSION function.

Recommendations For versions 4.0 through 5.1+SP1+Upd1, consider restricting access to the open session and grant functions to minimize the risk of exploitation. As a temporary workaround, limit the length of fields accepted by the workstation->NAME and VERSION functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.