Kaspersky Threats

Detect date

?

01/24/2012

Severity

?

Critical

Description

Multiple critical vulnerabilities have been found in Siemens products. Malicious users can exploit these vulnerabilities to read & modify arbitrary files, cause denial of service, execute arbitrary code, bypass authentication, obtain access and inject arbitrary HTTP headers. Below is a complete list of vulnerabilities

A directory traversal vulnerability can be exploited remotely via a specially designed request;
Vectors related to HmiLoad can be exploited remotely via specially designed TCP data;
A buffer overflow can be exploited remotely via vectors related to unicode strings;
Improper URI handling can be exploited remotely via a specially designed POST request;
Predictable auth tokens can be exploited remotely via specially designed cookies;
Weak default passwords can be exploited remotely via brute-force;
Lack of authentication in the TELNET daemon can be exploited remotely via TCP sessions;
An XSS vulnerability can be exploited remotely;
Vectors related to the HMI web-server and runtime loader can be exploited remotely;
A CRLF vulnerability can be exploited remotely.

Affected products

Siemens WinCC flexible versions 2004, 2005, 2007 and 2008 earlier than SP 3
Siemens WinCC, WinCC Runtime Advanced version 11
Siemens Simatic HMI Panels TP, OP, MP, Comfort, Mobile
Siemens WinCC flexible Runtime

Solution

Update to latest version

Original advisories

Siemens bulletin

Impacts

?

ACE

[?]

DoS

[?]

CI

[?]

SB

[?]

WLF

[?]

RLF

[?]

Detect date ?	01/24/2012
Severity ?	Critical
Description	Multiple critical vulnerabilities have been found in Siemens products. Malicious users can exploit these vulnerabilities to read & modify arbitrary files, cause denial of service, execute arbitrary code, bypass authentication, obtain access and inject arbitrary HTTP headers. Below is a complete list of vulnerabilities A directory traversal vulnerability can be exploited remotely via a specially designed request; Vectors related to HmiLoad can be exploited remotely via specially designed TCP data; A buffer overflow can be exploited remotely via vectors related to unicode strings; Improper URI handling can be exploited remotely via a specially designed POST request; Predictable auth tokens can be exploited remotely via specially designed cookies; Weak default passwords can be exploited remotely via brute-force; Lack of authentication in the TELNET daemon can be exploited remotely via TCP sessions; An XSS vulnerability can be exploited remotely; Vectors related to the HMI web-server and runtime loader can be exploited remotely; A CRLF vulnerability can be exploited remotely.
Affected products	Siemens WinCC flexible versions 2004, 2005, 2007 and 2008 earlier than SP 3 Siemens WinCC, WinCC Runtime Advanced version 11 Siemens Simatic HMI Panels TP, OP, MP, Comfort, Mobile Siemens WinCC flexible Runtime
Solution	Update to latest version
Original advisories	Siemens bulletin
Impacts ?	ACE [?] DoS [?] CI [?] SB [?] WLF [?] RLF [?]
Related products	WinCC flexible Simatic HMI Panels
CVE-IDS ?	CVE-2011-48787.8Critical CVE-2011-48759.3Critical CVE-2011-48777.1High CVE-2011-48769.3Critical CVE-2011-45089.3Critical CVE-2011-48798.5Critical CVE-2011-45104.3Warning CVE-2011-45114.3Warning CVE-2011-45125.0Critical
Exploitation	Public exploits exist for this vulnerability.
	Find out the statistics of the vulnerabilities spreading in your region

KLA10394Multiple vulnerabilities in Siemens

KLA10394
Multiple vulnerabilities in Siemens