Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for license_management_utility by siemens

    CVE-2020-10056 (GCVE-0-2020-10056)

    Vulnerability from nvd – Published: 2020-09-09 18:10 – Updated: 2024-08-04 10:50
    VLAI
    Summary
    A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:50:57.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "License Management Utility (LMU)",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250: Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-23T22:01:37.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2020-10056",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "License Management Utility (LMU)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250: Execution with Unnecessary Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2020-10056",
        "datePublished": "2020-09-09T18:10:49.000Z",
        "dateReserved": "2020-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:50:57.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-10056 (GCVE-0-2020-10056)

    Vulnerability from cvelistv5 – Published: 2020-09-09 18:10 – Updated: 2024-08-04 10:50
    VLAI
    Summary
    A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-250 - Execution with Unnecessary Privileges
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:50:57.816Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "License Management Utility (LMU)",
              "vendor": "Siemens AG",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions \u003c V2.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-250",
                  "description": "CWE-250: Execution with Unnecessary Privileges",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-23T22:01:37.000Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "productcert@siemens.com",
              "ID": "CVE-2020-10056",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "License Management Utility (LMU)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions \u003c V2.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Siemens AG"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-250: Execution with Unnecessary Privileges"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf",
                  "refsource": "MISC",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
                },
                {
                  "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03",
                  "refsource": "MISC",
                  "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2020-10056",
        "datePublished": "2020-09-09T18:10:49.000Z",
        "dateReserved": "2020-03-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:50:57.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }