ID

VAR-201202-0043


CVE

CVE-2011-4508


TITLE

Authentication bypass vulnerability in the HMI web server of multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2012-001310

DESCRIPTION

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie. The HMI web server in multiple Siemens products generates predictable authentication tokens for cookies, so a third party may bypass authentication with a skillfully crafted cookie. Siemens SIMATIC WinCC is a multi-user system that provides complete supervisory control and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. Multiple Siemens SIMATIC products have security vulnerabilities: the insecure generation of authentication tokens (guessable session cookies) allows an attacker to bypass authentication checks and escalate privileges without a username and password. An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator.

Trust: 2.7

sources: NVD: CVE-2011-4508 // JVNDB: JVNDB-2012-001310 // CNVD: CNVD-2011-5448 // BID: 51177 // IVD: 28828750-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52453

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 28828750-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5448

AFFECTED PRODUCTS

vendor: siemens, model: simatic hmi panels, scope: eq, version: mp

Trust: 2.4

vendor: siemens, model: simatic hmi panels, scope: eq, version: op

Trust: 2.4

vendor: siemens, model: simatic hmi panels, scope: eq, version: tp

Trust: 2.4

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2007

Trust: 1.7

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2005

Trust: 1.7

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2004

Trust: 1.7

vendor: siemens, model: simatic hmi panels, scope: eq, version: comfort_panels

Trust: 1.6

vendor: siemens, model: wincc runtime advanced, scope: eq, version: v11

Trust: 1.6

vendor: siemens, model: wincc, scope: eq, version: v11

Trust: 1.6

vendor: siemens, model: simatic hmi panels, scope: eq, version: mobile_panels

Trust: 1.6

vendor: siemens, model: wincc flexible, scope: eq, version: 2005

Trust: 1.0

vendor: siemens, model: wincc, scope: lte, version: v11

Trust: 1.0

vendor: siemens, model: wincc flexible, scope: eq, version: 2007

Trust: 1.0

vendor: siemens, model: wincc flexible runtime, scope: eq, version: *

Trust: 1.0

vendor: siemens, model: wincc flexible, scope: eq, version: 2004

Trust: 1.0

vendor: siemens, model: wincc flexible, scope: eq, version: 2008

Trust: 1.0

vendor: siemens, model: simatic wincc flexible, scope: eq, version: 2008

Trust: 0.9

vendor: siemens, model: simatic wincc flexible sp1, scope: eq, version: 2008

Trust: 0.9

vendor: siemens, model: simatic wincc flexible sp2, scope: eq, version: 2008

Trust: 0.9

vendor: siemens, model: simatic wincc flexible sp1, scope: eq, version: 2005

Trust: 0.9

vendor: siemens, model: simatic wincc flexible runtime, scope: eq, version: 0

Trust: 0.9

vendor: siemens, model: simatic hmi panels, scope: eq, version: 0

Trust: 0.9

vendor: siemens, model: simatic wincc sp2, scope: eq, version: v11

Trust: 0.9

vendor: siemens, model: simatic wincc sp1, scope: eq, version: v11

Trust: 0.9

vendor: siemens, model: simatic wincc, scope: eq, version: v11

Trust: 0.9

vendor: siemens, model: simatic wincc, scope: eq, version: 0

Trust: 0.9

vendor: siemens, model: simatic hmi panels, scope: eq, version: comfort panels

Trust: 0.8

vendor: siemens, model: simatic hmi panels, scope: eq, version: mobile panels

Trust: 0.8

vendor: siemens, model: simatic wincc, scope: lt, version: v11 sp2 update 1

Trust: 0.8

vendor: siemens, model: simatic wincc flexible, scope: lt, version: 2008 sp3

Trust: 0.8

vendor: siemens, model: simatic wincc flexible runtime, scope: -, version: -

Trust: 0.8

vendor: siemens, model: simatic wincc runtime advanced, scope: eq, version: v11

Trust: 0.8

vendor: wincc flexible, model: -, scope: eq, version: 2008

Trust: 0.6

vendor: siemens, model: wincc flexible runtime, scope: -, version: -

Trust: 0.6

vendor: wincc, model: -, scope: eq, version: v11

Trust: 0.4

vendor: wincc flexible, model: -, scope: eq, version: 2004

Trust: 0.2

vendor: wincc flexible, model: -, scope: eq, version: 2005

Trust: 0.2

vendor: wincc flexible, model: -, scope: eq, version: 2007

Trust: 0.2

vendor: wincc, model: -, scope: eq, version: *

Trust: 0.2

vendor: simatic hmi panels, model: comfort panels, scope: -, version: -

Trust: 0.2

vendor: simatic hmi panels, model: mobile panels, scope: -, version: -

Trust: 0.2

vendor: simatic hmi panels, model: mp, scope: -, version: -

Trust: 0.2

vendor: simatic hmi panels, model: op, scope: -, version: -

Trust: 0.2

vendor: simatic hmi panels, model: tp, scope: -, version: -

Trust: 0.2

vendor: wincc runtime advanced, model: -, scope: eq, version: v11

Trust: 0.2

vendor: wincc flexible runtime, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 28828750-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5448 // BID: 51177 // JVNDB: JVNDB-2012-001310 // CNNVD: CNNVD-201112-422 // NVD: CVE-2011-4508

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4508
value: HIGH

Trust: 1.0

NVD: CVE-2011-4508
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201112-422
value: CRITICAL

Trust: 0.6

IVD: 28828750-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-52453
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4508
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2011-4508
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IVD: 28828750-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52453
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 28828750-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52453 // JVNDB: JVNDB-2012-001310 // CNNVD: CNNVD-201112-422 // NVD: CVE-2011-4508

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-52453 // JVNDB: JVNDB-2012-001310 // NVD: CVE-2011-4508

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-422

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201112-422

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001310

PATCH

title: SSA-345442, url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 0.8

title: Solution Partner, url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Top Page, url: http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title: Patch for multiple Siemens SIMATIC Product Verification Bypass Vulnerabilities (CNVD-2011-5448), url: https://www.cnvd.org.cn/patchInfo/show/72707

Trust: 0.6

sources: CNVD: CNVD-2011-5448 // JVNDB: JVNDB-2012-001310

EXTERNAL IDS

db: NVD, id: CVE-2011-4508

Trust: 3.6

db: ICS CERT, id: ICSA-12-030-01

Trust: 2.5

db: SIEMENS, id: SSA-345442

Trust: 1.7

db: CNNVD, id: CNNVD-201112-422

Trust: 0.9

db: BID, id: 51177

Trust: 0.9

db: CNVD, id: CNVD-2011-5448

Trust: 0.8

db: JVNDB, id: JVNDB-2012-001310

Trust: 0.8

db: NSFOCUS, id: 18390

Trust: 0.6

db: ICS CERT, id: ICSA-11-356-01

Trust: 0.3

db: ICS CERT, id: ICSA-12-030-01A

Trust: 0.3

db: IVD, id: 28828750-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-52453

Trust: 0.1

sources: IVD: 28828750-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5448 // VULHUB: VHN-52453 // BID: 51177 // JVNDB: JVNDB-2012-001310 // CNNVD: CNNVD-201112-422 // NVD: CVE-2011-4508

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf

Trust: 2.5

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4508

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4508

Trust: 0.8

url:http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/http

Trust: 0.6

url:http://www.securityfocus.com/bid/51177

Trust: 0.6

url:http://www.nsfocus.net/vulndb/18390

Trust: 0.6

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/pages/default.aspx

Trust: 0.3

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/user-interface/pages/default.aspx

Trust: 0.3

url:http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-11-356-01.pdf

Trust: 0.3

sources: CNVD: CNVD-2011-5448 // VULHUB: VHN-52453 // BID: 51177 // JVNDB: JVNDB-2012-001310 // CNNVD: CNNVD-201112-422 // NVD: CVE-2011-4508

CREDITS

Billy Rios and Terry McCorkle

Trust: 0.9

sources: BID: 51177 // CNNVD: CNNVD-201112-422

SOURCES

db: IVD, id: 28828750-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-5448
db: VULHUB, id: VHN-52453
db: BID, id: 51177
db: JVNDB, id: JVNDB-2012-001310
db: CNNVD, id: CNNVD-201112-422
db: NVD, id: CVE-2011-4508

LAST UPDATE DATE

2024-08-14T13:36:41.772000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5448, date: 2016-03-15T00:00:00
db: VULHUB, id: VHN-52453, date: 2012-02-07T00:00:00
db: BID, id: 51177, date: 2012-04-18T21:20:00
db: JVNDB, id: JVNDB-2012-001310, date: 2012-02-08T00:00:00
db: CNNVD, id: CNNVD-201112-422, date: 2012-01-05T00:00:00
db: NVD, id: CVE-2011-4508, date: 2012-02-07T05:00:00

SOURCES RELEASE DATE

db: IVD, id: 28828750-2354-11e6-abef-000c29c66e3d, date: 2011-12-26T00:00:00
db: CNVD, id: CNVD-2011-5448, date: 2011-12-26T00:00:00
db: VULHUB, id: VHN-52453, date: 2012-02-03T00:00:00
db: BID, id: 51177, date: 2011-12-22T00:00:00
db: JVNDB, id: JVNDB-2012-001310, date: 2012-02-08T00:00:00
db: CNNVD, id: CNNVD-201112-422, date: 1900-01-01T00:00:00
db: NVD, id: CVE-2011-4508, date: 2012-02-03T20:55:01.250