Cyber Resilience

CVE-2024-44087

Critical

Published: 10 September 2024

Published
10 September 2024
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 9.2 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.1379 94.4th percentile
Risk Priority 27 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-44087 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability. Its CVSS base score is 9.2 (Critical).

Operationally, ranked in the top 5.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

A vulnerability in Siemens Automation License Manager allows an unauthenticated remote attacker to trigger an integer overflow by sending specially crafted network packets to port 4410/tcp. The flaw affects all versions of V5, versions of V6.0 prior to SP12 Upd3, and versions of V6.2 prior to Upd3. Because the application performs insufficient validation of incoming packet fields, the overflow leads directly to a crash of the license manager process.

An attacker with network access can exploit the issue without credentials or user interaction, resulting in a denial-of-service condition that prevents the license manager from servicing subsequent requests. This in turn blocks license verification for any dependent Siemens products, disrupting their operation until the manager is restarted.

The Siemens advisory SSA-103653 recommends upgrading Automation License Manager V6.0 to SP12 Upd3 or later and V6.2 to Upd3 or later; no workaround is provided for V5.

EPSS for the CVE rose from a low baseline to a peak of 0.1712, indicating emerging exploitation interest after public disclosure.

EU & UK References

Vulnerability details

A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in…

more

incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

All
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References