12 results (0.009 seconds)

CVSS: 7.1EPSS: 4%CPEs: 12EXPL: 2

CVE-2011-4877 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4877

HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP. HmiLoad del cargador en tiempo de ejecución ("runtime loader") de Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); the TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced y WinCC flexible Runtime, cuando el modo de transferencia ("Transfer Mode") está habilitado, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) enviando datos modificados sobre TCP. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77382 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-20: Improper Input Validation •

CVSS: 8.5EPSS: 2%CPEs: 16EXPL: 2

CVE-2011-4879 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4879

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. miniweb.exe del servidor web HMI de Siemens WinCC flexible 2004, 2005, 2007 y 2008 anteriores a SP3; WinCC V11 (portal TIA) anteriores a SP2 Update 1; los TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime no manejan apropiadamente URIs que comienzan con un caracter 0xfa, lo que permite a atacantes remotos leer localizaciones de memoria arbitrarias o provocar una denegación de servicio (caída de la aplicación) a través de una petición POST. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77384 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 30%CPEs: 12EXPL: 2

CVE-2011-4875 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4875

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. Desbordamiento de buffer de pila en HmiLoad del cargador de tiempo de ejecución de Siemens WinCC flexible 2004, 2005, 2007, y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime, cuando el modo de transferencia ("Transfer Mode") está habilitado, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con cadenas de texto Unicode. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77380 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 3%CPEs: 12EXPL: 2

CVE-2011-4876 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4876

Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. Vulnerabilidad de salto de directorio en HmiLoad del cargador de tiempo de ejecución ("runtime loader") de Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime, si el modo de transferencia ("Transfer Mode") está habilitado, permite a atacantes remotos ejecutar, leer, crear, modificar o borrar archivos arbitrarios a través de los caracteres .. (punto punto) en una cadena. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://secunia.com/advisories/46997 http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77381 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_s • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 1%CPEs: 16EXPL: 2

CVE-2011-4878 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2011-4878

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. Vulnerabilidad de salto de directorio en miniweb.exe de servidor web HMI de Siemens WinCC flexible 2004, 2005, 2007, y 2008 anteriores a SP3; WinCC V11 (TIA portal) anteriores a SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime permite a atacantes remotos leer archivos arbitrarios a través de los caracteres ..%5c (punto punto barra invertida) en una URI. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77383 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •