Vulnerabilities > CVE-2011-4513 - Remote Security vulnerability in SIMATIC Wincc Runtime Advanced

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

siemens

critical

NVD

Published: 2012-02-03

Updated: 2012-02-06

Summary

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Wincc Flexible 2004 Siemens Wincc Flexible 2005 Siemens Wincc Flexible 2007 Siemens Wincc Flexible 2008 Siemens Wincc V11 Siemens Simatic HMI Panels Comfort_Panels Siemens Simatic HMI Panels Mobile_Panels Siemens Simatic HMI Panels Mp Siemens Simatic HMI Panels Op Siemens Simatic HMI Panels Tp Siemens Wincc Runtime Advanced V11 Siemens Wincc Flexible Runtime *	12

Summary

Vulnerable Configurations

References