VAR-201212-0032
Vulnerability from variot - Updated: 2025-04-11 22:53Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. The Siemens Automation License Manager is the certificate management software used by various Siemens software products. The following products are affected by this vulnerability: SIMATIC (eg STEP 7) SIMATIC HMI (eg WinCC, WinCC flexible) SIMATIC PCS 7 SIMOTION (eg Scout) SIMATIC NET SINAMICS (eg Starter) SIMOCODE. Successful exploits will cause an affected application to cause a memory leakage and terminate the application, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0032",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "automation license manager",
"scope": "eq",
"trust": 1.9,
"vendor": "siemens",
"version": "4.0"
},
{
"model": "automation license manager",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.1"
},
{
"model": "automation license manager",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "automation license manager",
"scope": "eq",
"trust": 1.1,
"vendor": "siemens",
"version": "5.2"
},
{
"model": "automation license manager",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "5.x"
},
{
"model": "automation license manager",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "4.x"
},
{
"model": "automation license manager",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "automation license manager",
"version": "5.1"
},
{
"model": "sinamics",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simotion",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simocode",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic pcs7 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "7.1"
},
{
"model": "simatic net",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5.2"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5.1"
},
{
"model": "simatic step",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "75.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "automation license manager",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "automation license manager",
"version": "5.0"
}
],
"sources": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "BID",
"id": "56954"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
},
{
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:automation_license_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CERT",
"sources": [
{
"db": "BID",
"id": "56954"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
}
],
"trust": 0.9
},
"cve": "CVE-2012-4691",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2012-4691",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-57972",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4691",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-4691",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201212-250",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-57972",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57972"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
},
{
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets. The Siemens Automation License Manager is the certificate management software used by various Siemens software products. The following products are affected by this vulnerability: SIMATIC (eg STEP 7) SIMATIC HMI (eg WinCC, WinCC flexible) SIMATIC PCS 7 SIMOTION (eg Scout) SIMATIC NET SINAMICS (eg Starter) SIMOCODE. \nSuccessful exploits will cause an affected application to cause a memory leakage and terminate the application, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4691"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "BID",
"id": "56954"
},
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-57972"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-57972",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57972"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4691",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-349-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-783261",
"trust": 1.7
},
{
"db": "BID",
"id": "56954",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-7524",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759",
"trust": 0.8
},
{
"db": "IVD",
"id": "2D96FFB0-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-57972",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "VULHUB",
"id": "VHN-57972"
},
{
"db": "BID",
"id": "56954"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
},
{
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"id": "VAR-201212-0032",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "VULHUB",
"id": "VHN-57972"
}
],
"trust": 1.6034409025
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7524"
}
]
},
"last_update_date": "2025-04-11T22:53:29.197000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/cc/en/"
},
{
"title": "SSA-783261: Denial-of-Service vulnerability in Siemens Automation License Manager (ALM)",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e",
"trust": 0.8,
"url": "http://www.siemens.com/answers/jp/ja/"
},
{
"title": "Siemens Automation License Manager denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/26615"
},
{
"title": "ALMv5_2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=45585"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57972"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-349-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-783261.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4691"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4691"
},
{
"trust": 0.6,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-349-01.pdfhttp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/56954"
},
{
"trust": 0.3,
"url": "http://support.automation.siemens.com/ww/llisapi.dll?func=cslib.csinfo\u0026lang=en\u0026siteid=cseus\u0026aktprim=0\u0026extranet=standard\u0026viewreg=ww\u0026objid=17323948\u0026tree"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "VULHUB",
"id": "VHN-57972"
},
{
"db": "BID",
"id": "56954"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
},
{
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "VULHUB",
"id": "VHN-57972"
},
{
"db": "BID",
"id": "56954"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
},
{
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-19T00:00:00",
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"date": "2012-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-57972"
},
{
"date": "2012-12-14T00:00:00",
"db": "BID",
"id": "56954"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"date": "2012-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-250"
},
{
"date": "2012-12-18T12:30:05.810000",
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"date": "2013-01-29T00:00:00",
"db": "VULHUB",
"id": "VHN-57972"
},
{
"date": "2015-03-19T08:25:00",
"db": "BID",
"id": "56954"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005759"
},
{
"date": "2012-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201212-250"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-4691"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens Automation License Manager Denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-7524"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Resource management error",
"sources": [
{
"db": "IVD",
"id": "2d96ffb0-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201212-250"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…