PT-2024-7814 · Unknown · Automation License Manager V6.0+2

Published: 2024-09-10 · Updated: 2024-09-14 · CVE-2024-44087

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Automation License Manager V5 (All versions)
Automation License Manager V6.0 (All versions)
Automation License Manager V6.2 (All versions prior to V6.2 Upd3)

Description

The issue is an integer overflow in the Automation License Manager. A remote attacker could cause a denial of service by sending specially crafted network packets to port 4410/tcp. The affected applications do not properly validate certain fields in incoming network packets, which can lead to a crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.

Recommendations

For Automation License Manager V5 (All versions), consider disabling the application's network functionality or restricting access to port 4410/tcp until a patch is available.

For Automation License Manager V6.0 (All versions), restrict access to port 4410/tcp to minimize the risk of exploitation.

For Automation License Manager V6.2 (All versions prior to V6.2 Upd3), update to V6.2 Upd3 or later to resolve the issue. As a temporary workaround, consider disabling the application's network functionality or restricting access to port 4410/tcp until the update can be applied.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-09314
CVE-2024-44087

Affected Products

Automation License Manager V5
Automation License Manager V6.0
Automation License Manager V6.2