Heap-based Buffer Overflow in Siemens WinCC Runtime Advanced Loader
CVE-2011-3321

Currently unrated

Key Information:

Vendor: Siemens
Status: Simatic Wincc Runtime; Simatic Wincc Flexible Runtime
Vendor: CVE Published:; 16 September 2011

Summary

A heap-based buffer overflow vulnerability exists in the Siemens WinCC Runtime Advanced Loader. This flaw can be exploited by remote attackers sending specially crafted packets to TCP port 2308, leading to memory corruption and denial of service. In some scenarios, there is a potential for attackers to execute arbitrary code, compromising the integrity and availability of the affected systems.

References

http://support.automation.siemens.com/WW/view/en/29054992

x_refsource_MISC

http://cache.automation.siemens.com/dnl/jI/jI0NDY5AAAA_29...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/69803

vdb-entryx_refsource_XF

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 16, 2011
Vulnerability Reserved
Aug 29, 2011