CVE-2011-4877 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4877
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP. HmiLoad del cargador en tiempo de ejecución ("runtime loader") de Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); the TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced y WinCC flexible Runtime, cuando el modo de transferencia ("Transfer Mode") está habilitado, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) enviando datos modificados sobre TCP. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77382 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-20: Improper Input Validation •
CVE-2011-4876 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4876
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string. Vulnerabilidad de salto de directorio en HmiLoad del cargador de tiempo de ejecución ("runtime loader") de Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime, si el modo de transferencia ("Transfer Mode") está habilitado, permite a atacantes remotos ejecutar, leer, crear, modificar o borrar archivos arbitrarios a través de los caracteres .. (punto punto) en una cadena. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://secunia.com/advisories/46997 http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77381 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_s • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2011-4514
https://notcve.org/view.php?id=CVE-2011-4514
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session. El demonio TELNET de Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime no realiza autenticación, lo que facilita a atacantes remotos obtener acceso obtener acceso a través de una sesión TCP. • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf • CWE-287: Improper Authentication •
CVE-2011-4513
https://notcve.org/view.php?id=CVE-2011-4513
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced y WinCC flexible Runtime permiten a atacantes remotos asistidos por el usuario ejecutar código arbitrario a través de un archivo de proyecto, relacionado con un servidor web y el cargador de tiempo de ejecución ("runtime loader"). • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf •
CVE-2011-4509
https://notcve.org/view.php?id=CVE-2011-4509
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. El servidor web HMI en Siemens WinCC flexible v2004, v2005, v2007 y v2008; WinCC V11 (también conocido como TIA Portal), el TP, OP, MP, Comfort Panels, y los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Runtime Advanced, y WinCC Runtime, tiene una contraseña por defecto mal seleccionado para la cuenta de administrador, lo que hace que sea más fácil para los atacantes remotos obtener acceso usando fuerza bruta mediante el uso de gran cantidad de peticiones HTTP. • http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf • CWE-264: Permissions, Privileges, and Access Controls •