Stack-based Buffer Overflow in Siemens WinCC Flexible and HMI Panels
CVE-2011-4875

Currently unrated

Key Information:

Vendor: Siemens
CVE Published: 3 February 2012

Summary

A stack-based buffer overflow has been identified in the HmiLoad component of the runtime loader used in various versions of Siemens WinCC Flexible and associated HMI panels, including WinCC V11. When Transfer Mode is enabled, the flaw allows remote attackers to execute arbitrary code through vectors related to Unicode string handling. Organizations using affected products are advised to review their security posture and apply the recommended patches to reduce the risk of exploitation.

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
