Directory Traversal Vulnerability in Siemens WinCC and HMI Web Server
CVE-2011-4878

Currently unrated

Key Information:

Vendor
Siemens
CVE Published:
3 February 2012

Summary

A directory traversal weakness in the miniweb.exe component of Siemens WinCC lets remote attackers gain unauthorized access to arbitrary files on the server. The request manipulates the URI with a sequence such as '..%5c', where '%5c' is the percent-encoded backslash. Disclosure of sensitive files can in turn lead to further exploitation or data breaches in environments that use these systems.
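A detection sketch for the encoded-backslash traversal described above, added here as an example and not taken from Siemens or the advisory. The access-log layout, addresses and file names are constructed assumptions, not miniweb.exe's real log format.

```python
import re
from urllib.parse import unquote

# Request target inside a quoted request line, e.g. "GET /path HTTP/1.1".
# Assumption: the web server or a proxy in front of it logs the raw URI.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double encoding (%255c) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def has_traversal(target):
    """True if the URI path contains a '..' segment after decoding."""
    path = decode_fully(target.split("?", 1)[0])  # path only, query ignored
    # Windows accepts '\' as a separator, so fold it into '/' before splitting.
    segments = path.replace("\\", "/").split("/")
    return ".." in segments

def flag_lines(log_lines):
    """Return the log lines whose request target traverses upward."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append(line)
    return hits

# Constructed sample lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2012:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [03/Feb/2012:10:00:07 +0000] "GET /..%5c..%5cexample.txt HTTP/1.1" 200 128',
    '192.0.2.44 - - [03/Feb/2012:10:00:09 +0000] "GET /images/..%255cexample.txt HTTP/1.1" 404 0',
    '192.0.2.10 - - [03/Feb/2012:10:00:12 +0000] "GET /docs/v1..2/readme.txt HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in flag_lines(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

Matching on whole '..' path segments after decoding avoids flagging ordinary names that merely contain two dots, such as 'v1..2' in the last sample line.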

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved