var-201202-0043
Vulnerability from variot

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. plural Siemens Product HMI Web The server Cookie There is a vulnerability that prevents authentication because it generates a predictable authentication token.Skillfully crafted by a third party Cookie Authentication may be bypassed. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Multiple Siemens SIMATIC products have security vulnerabilities, and the insecure generation of authentication tokens (session COOKIE guesses) allows an attacker to bypass authentication checks and increase privileges without a username and password. An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0043",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": "mp"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": "op"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": "tp"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "2007"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "2005"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "2004"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "comfort_panels"
      },
      {
        "model": "wincc runtime advanced",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "wincc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "mobile_panels"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2004"
      },
      {
        "model": "wincc flexible runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2007"
      },
      {
        "model": "wincc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2005"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "simatic wincc flexible sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "simatic wincc flexible sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "simatic wincc flexible sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "2005"
      },
      {
        "model": "simatic wincc flexible runtime",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic wincc sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic wincc sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "comfort panels"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "mobile panels"
      },
      {
        "model": "simatic wincc",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "v11 sp2 update 1"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "2008 sp3"
      },
      {
        "model": "simatic wincc flexible rumtime",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "wincc flexible",
        "version": "2008"
      },
      {
        "model": "wincc flexible runtime",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "wincc",
        "version": "v11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible",
        "version": "2004"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible",
        "version": "2005"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible",
        "version": "2007"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc",
        "version": "*"
      },
      {
        "model": "comfort panels",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "mobile panels",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "mp",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "op",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "tp",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc runtime advanced",
        "version": "v11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible runtime",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:siemens:simatic_hmi_panels",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:simatic_wincc_%28tia_portal%29",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:wincc_flexible",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:wincc_flexible_runtime",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Billy Rios and Terry McCorkle",
    "sources": [
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-4508",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-4508",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-4508",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "28828750-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-52453",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4508",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-4508",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-422",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "28828750-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52453",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. plural Siemens Product HMI Web The server Cookie There is a vulnerability that prevents authentication because it generates a predictable authentication token.Skillfully crafted by a third party Cookie Authentication may be bypassed. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Multiple Siemens SIMATIC products have security vulnerabilities, and the insecure generation of authentication tokens (session COOKIE guesses) allows an attacker to bypass authentication checks and increase privileges without a username and password. \nAn attacker can exploit these issues to bypass intended security   restrictions and gain access to the affected application.  Successfully   exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52453"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4508",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-030-01",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-345442",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "51177",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "18390",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-356-01",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-030-01A",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "28828750-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52453",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52453"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "id": "VAR-201202-0043",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52453"
      }
    ],
    "trust": 1.575178075
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:46:29.776000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-345442",
        "trust": 0.8,
        "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
      },
      {
        "title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
        "trust": 0.8,
        "url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.siemens.com/entry/jp/ja/"
      },
      {
        "title": "Patch for multiple Siemens SIMATIC Product Verification Bypass Vulnerabilities (CNVD-2011-5448)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/72707"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4508"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4508"
      },
      {
        "trust": 0.6,
        "url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/http"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/51177"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18390"
      },
      {
        "trust": 0.3,
        "url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/pages/default.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/user-interface/pages/default.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-356-01.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52453"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52453"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-26T00:00:00",
        "db": "IVD",
        "id": "28828750-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-12-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "date": "2012-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52453"
      },
      {
        "date": "2011-12-22T00:00:00",
        "db": "BID",
        "id": "51177"
      },
      {
        "date": "2012-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      },
      {
        "date": "2012-02-03T20:55:01.250000",
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5448"
      },
      {
        "date": "2012-02-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52453"
      },
      {
        "date": "2012-04-18T21:20:00",
        "db": "BID",
        "id": "51177"
      },
      {
        "date": "2012-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      },
      {
        "date": "2012-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      },
      {
        "date": "2024-11-21T01:32:26.773000",
        "db": "NVD",
        "id": "CVE-2011-4508"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Siemens Product  HMI Web Vulnerability that prevents authentication on the server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001310"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-422"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.