CVE-2024-44087: A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12...
Description
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.
Classification
CVE ID: CVE-2024-44087
CVSS Base Severity: HIGH
CVSS Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Problem Types
CWE-190: Integer Overflow or WraparoundAffected Products
Vendor: Siemens
Product: Automation License Manager V5, Automation License Manager V6.0, Automation License Manager V6.2
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.25% (probability of being exploited)
EPSS Percentile: 48.31% (scored less or equal to compared to others)
EPSS Date: 2025-06-11 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2024-44087https://cert-portal.siemens.com/productcert/html/ssa-103653.html