KLA10394
Multiple vulnerabilities in Siemens
Updated: 06/01/2019
Detect date: 01/24/2012
Severity: Critical
Description

Multiple critical vulnerabilities have been found in Siemens products. Malicious users can exploit these vulnerabilities to read and modify arbitrary files, cause denial of service, execute arbitrary code, bypass authentication, obtain access and inject arbitrary HTTP headers. Below is a complete list of vulnerabilities:

  1. A directory traversal vulnerability can be exploited remotely via a specially designed request;
  2. Vectors related to HmiLoad can be exploited remotely via specially designed TCP data;
  3. A buffer overflow can be exploited remotely via vectors related to Unicode strings;
  4. Improper URI handling can be exploited remotely via a specially designed POST request;
  5. Predictable auth tokens can be exploited remotely via specially designed cookies;
  6. Weak default passwords can be exploited remotely via brute-force;
  7. Lack of authentication in the TELNET daemon can be exploited remotely via TCP sessions;
  8. An XSS vulnerability can be exploited remotely;
  9. Vectors related to the HMI web-server and runtime loader can be exploited remotely;
  10. A CRLF vulnerability can be exploited remotely.
Affected products

Siemens WinCC flexible versions 2004, 2005, 2007 and 2008 earlier than SP 3
Siemens WinCC, WinCC Runtime Advanced version 11
Siemens Simatic HMI Panels TP, OP, MP, Comfort, Mobile
Siemens WinCC flexible Runtime

Solution

Update to the latest version.

Original advisories

Siemens bulletin

Impacts

ACE
DoS
CI
SB
WLF
RLF

CVE-IDS

CVE-2011-4878  7.8  Critical
CVE-2011-4875  9.3  Critical
CVE-2011-4877  7.1  High
CVE-2011-4876  9.3  Critical
CVE-2011-4508  9.3  Critical
CVE-2011-4879  8.5  Critical
CVE-2011-4510  4.3  Warning
CVE-2011-4511  4.3  Warning
CVE-2011-4514  10.0  Critical
CVE-2011-4509  10.0  Critical
CVE-2011-4512  5.0  Critical
CVE-2011-4513  10.0  Critical