Directory Traversal Vulnerability in Siemens WinCC and HMI Web Server
CVE-2011-4878

Currently unrated

Key Information:

Vendor

Siemens
Status
Wincc Flexible
Vendor
CVE Published:
3 February 2012

What is CVE-2011-4878?

The vulnerability allows remote attackers to exploit a directory traversal weakness in the miniweb.exe component of the Siemens WinCC system. By manipulating the URI with a specially crafted request using a sequence like '..%5c', an attacker can gain unauthorized access to arbitrary files on the server. This poses significant risks as sensitive information could be disclosed, leading to further exploitation or data breaches in environments utilizing these systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-3...
x_refsource_MISC
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-3...
x_refsource_MISC
http://www.siemens.com/corporate-technology/pool/de/forsc...
x_refsource_CONFIRM

EPSS Score

19% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.