Search criteria
2 vulnerabilities found for License Management Utility (LMU) by Siemens AG
CVE-2020-10056 (GCVE-0-2020-10056)
Vulnerability from cvelistv5 – Published: 2020-09-09 18:10 – Updated: 2024-08-04 10:50
VLAI?
Summary
A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.
Severity ?
No CVSS data available.
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | License Management Utility (LMU) |
Affected:
All versions < V2.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "License Management Utility (LMU)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T22:01:37",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-10056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "License Management Utility (LMU)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-10056",
"datePublished": "2020-09-09T18:10:49",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10056 (GCVE-0-2020-10056)
Vulnerability from nvd – Published: 2020-09-09 18:10 – Updated: 2024-08-04 10:50
VLAI?
Summary
A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges.
Severity ?
No CVSS data available.
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Siemens AG | License Management Utility (LMU) |
Affected:
All versions < V2.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "License Management Utility (LMU)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-23T22:01:37",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-10056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "License Management Utility (LMU)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.4"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in License Management Utility (LMU) (All versions \u003c V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-709003.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-252-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-10056",
"datePublished": "2020-09-09T18:10:49",
"dateReserved": "2020-03-04T00:00:00",
"dateUpdated": "2024-08-04T10:50:57.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}