CVE-2011-4879 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4879
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request. miniweb.exe del servidor web HMI de Siemens WinCC flexible 2004, 2005, 2007 y 2008 anteriores a SP3; WinCC V11 (portal TIA) anteriores a SP2 Update 1; los TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime no manejan apropiadamente URIs que comienzan con un caracter 0xfa, lo que permite a atacantes remotos leer localizaciones de memoria arbitrarias o provocar una denegación de servicio (caída de la aplicación) a través de una petición POST. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77384 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-20: Improper Input Validation •
CVE-2011-4875 – Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4875
Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. Desbordamiento de buffer de pila en HmiLoad del cargador de tiempo de ejecución de Siemens WinCC flexible 2004, 2005, 2007, y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; y WinCC flexible Runtime, cuando el modo de transferencia ("Transfer Mode") está habilitado, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con cadenas de texto Unicode. • https://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.exploit-db.com/exploits/18166 http://www.osvdb.org/77380 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •