Beschreibung
Multiple critical vulnerabilities have been found in Siemens products. Malicious users can exploit these vulnerabilities to read & modify arbitrary files, cause denial of service, execute arbitrary code, bypass authentication, obtain access and inject arbitrary HTTP headers. Below is a complete list of vulnerabilities
- A directory traversal vulnerability can be exploited remotely via a specially designed request;
- Vectors related to HmiLoad can be exploited remotely via specially designed TCP data;
- A buffer overflow can be exploited remotely via vectors related to unicode strings;
- Improper URI handling can be exploited remotely via a specially designed POST request;
- Predictable auth tokens can be exploited remotely via specially designed cookies;
- Weak default passwords can be exploited remotely via brute-force;
- Lack of authentication in the TELNET daemon can be exploited remotely via TCP sessions;
- An XSS vulnerability can be exploited remotely;
- Vectors related to the HMI web-server and runtime loader can be exploited remotely;
- A CRLF vulnerability can be exploited remotely.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2011-4878 critical
- CVE-2011-4875 critical
- CVE-2011-4877 critical
- CVE-2011-4876 critical
- CVE-2011-4508 critical
- CVE-2011-4879 critical
- CVE-2011-4510 critical
- CVE-2011-4511 critical
- CVE-2011-4514 critical
- CVE-2011-4509 critical
- CVE-2011-4512 critical
- CVE-2011-4513 critical
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!