PT-2018-10584 · Rockwell Automation · Automation License Manager

Published

2018-08-07

Updated

2019-10-09

CVE-2018-11455

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Automation License Manager 5 versions prior to 5.3.4.4 Automation License Manager 6 versions prior to 6.0.1

Description A directory traversal issue could allow a remote attacker to move arbitrary files, potentially resulting in code execution and compromising the system's confidentiality, integrity, and availability. Exploitation requires a network connection to the affected device and user interaction, but no special privileges or conditions are needed.

Recommendations For Automation License Manager 5 versions prior to 5.3.4.4, update to version 5.3.4.4 or later. For Automation License Manager 6 versions prior to 6.0.1, update to version 6.0.1 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-11455

Affected Products

Automation License Manager

PT-2018-10584 · Rockwell Automation · Automation License Manager

CVE-2018-11455

Weakness Enumeration

Related Identifiers

Affected Products

References · 4