Remote Code Execution in Siemens WinCC Flexible and HMI Panels
CVE-2011-4513

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Flexible
Vendor: CVE Published:; 3 February 2012

Summary

A critical vulnerability exists in Siemens WinCC Flexible and various HMI panels, enabling remote attackers to execute arbitrary code. This vulnerability arises through the processing of a specially crafted project file, which exploits weaknesses in the HMI web server and runtime loader. Systems using WinCC Flexible versions 2004 to 2008 and WinCC V11 (also known as TIA Portal), along with related HMI devices like TP, OP, MP, and Comfort Panels, are at risk. Proper management and timely updates can help mitigate the risks associated with this vulnerability.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 3, 2012