1. CVE-Search
  2. CVE-2011-4513
ID CVE-2011-4513
Summary Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.
References
Vulnerable Configurations
  • cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*
  • cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 06-02-2012 - 05:00)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf
misc http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf
Last major update 06-02-2012 - 05:00
Published 03-02-2012 - 20:55
Last modified 06-02-2012 - 05:00
Back to Top