TELNET Authentication Bypass in Siemens WinCC Flexible and HMI Panels
CVE-2011-4514

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Flexible
Vendor: CVE Published:; 3 February 2012

Summary

The TELNET daemon in specific versions of Siemens WinCC software and SIMATIC HMI panels is susceptible to an authentication bypass vulnerability. This oversight allows remote attackers to exploit unprotected TCP sessions, granting them unauthorized access to the affected systems. This vulnerability emphasizes the critical need for robust authentication mechanisms in industrial control environments to safeguard against potential threats.

References

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 3, 2012