CVE-2011-4513 - Alert Detail - Security Database IT Watching

SECURITY DATABASE

SDCON
SDCON	(Critical)

OTHER

Report an error

OPEN STANDARDS

SUMMARY

Summary
Name	CVE-2011-4513

Informations
Vendor	Cve	First Publication	2012-02-03
Severity (Vendor)	Critical	Last Modification	2012-02-06

SECURITY-DATABASE SCORING CVSS v2

Cvss vector
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.

ORIGINAL SOURCES

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4513

CPE COMMON PLATFORM ENUMERATION

Type	Description	Count
Application	Siemens Simatic Hmi Panels cpe:/a:siemens:simatic_hmi_panels:tp cpe:/a:siemens:simatic_hmi_panels:op cpe:/a:siemens:simatic_hmi_panels:mp cpe:/a:siemens:simatic_hmi_panels:mobile_panels cpe:/a:siemens:simatic_hmi_panels:comfort_panels	5
Application	Siemens Wincc cpe:/a:siemens:wincc:v11	1
Application	Siemens Wincc Flexible cpe:/a:siemens:wincc_flexible:2008 cpe:/a:siemens:wincc_flexible:2007 cpe:/a:siemens:wincc_flexible:2005 cpe:/a:siemens:wincc_flexible:2004	4
Application	Siemens Wincc Flexible Runtime cpe:/a:siemens:wincc_flexible_runtime	1
Application	Siemens Wincc Runtime Advanced cpe:/a:siemens:wincc_runtime_advanced:v11	1

INTERNAL SOURCES (Detail)

Source	Url
CONFIRM	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ss...
MISC	http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf

Security-Database is a supporter of the "Making Security Measurable" effort..