Denial of Service Vulnerability in Siemens WinCC Flexible and SIMATIC HMI Panels
CVE-2011-4877

Currently unrated

Key Information:

Vendor: Siemens
Status: Wincc Flexible
Vendor: CVE Published:; 3 February 2012

What is CVE-2011-4877?

The HmiLoad function in the runtime loader of Siemens' WinCC flexible versions and SIMATIC HMI panels is vulnerable due to mishandling of crafted data over TCP while Transfer Mode is enabled. This flaw can be exploited by remote attackers, leading to an application crash and service disruption, which poses significant risks to operational reliability and security in environments relying on these systems.

References

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-3...

x_refsource_MISC

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-3...

x_refsource_MISC

http://www.siemens.com/corporate-technology/pool/de/forsc...

x_refsource_CONFIRM

EPSS Score

23% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2012
Vulnerability Reserved
Dec 21, 2011