Authentication Bypass Vulnerability in Siemens HMI Web Server
CVE-2011-4508

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Flexible
Vendor: CVE Published:; 3 February 2012

What is CVE-2011-4508?

The HMI web server in various Siemens WinCC products is susceptible to an authentication bypass due to the generation of predictable authentication tokens for cookies. This vulnerability allows remote attackers to craft specific cookies that facilitate bypassing the authentication mechanism, leading to unauthorized access to sensitive functionalities within impacted systems. Awareness and prompt remediation are essential to mitigate the risks associated with this vulnerability.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 3, 2012