Details of VAR-201202-0046

ID

VAR-201202-0046

CVE

CVE-2011-4511

TITLE

plural Siemens Product HMI Web Server vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2012-001313

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510. plural Siemens Product HMI Web The server contains a cross-site scripting vulnerability. This vulnerability is CVE-2011-4510 This is a different vulnerability.By any third party, Web Script or HTML May be inserted. Siemens SIMATIC is an automation software in a single engineering environment. The SIMATIC HMI Smart Options web server has two separate cross-site scripting attacks that allow elevation of privilege, stealing data or corrupting services. SIMATIC HMI is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 2.79

sources: NVD: CVE-2011-4511 // JVNDB: JVNDB-2012-001313 // CNVD: CNVD-2012-0461 // BID: 51835 // IVD: 28629d64-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52456 // VULMON: CVE-2011-4511

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 28629d64-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0461

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic hmi panels	scope:	eq	version:	mp	Trust: 2.4
vendor:	siemens	model:	simatic hmi panels	scope:	eq	version:	op	Trust: 2.4
vendor:	siemens	model:	simatic hmi panels	scope:	eq	version:	tp	Trust: 2.4
vendor:	siemens	model:	simatic hmi panels	scope:	eq	version:	comfort_panels	Trust: 1.6
vendor:	siemens	model:	wincc runtime advanced	scope:	eq	version:	v11	Trust: 1.6
vendor:	siemens	model:	wincc	scope:	eq	version:	v11	Trust: 1.6
vendor:	siemens	model:	simatic hmi panels	scope:	eq	version:	mobile_panels	Trust: 1.6
vendor:	siemens	model:	simatic wincc flexible	scope:	eq	version:	2007	Trust: 1.4
vendor:	siemens	model:	simatic wincc flexible	scope:	eq	version:	2005	Trust: 1.4
vendor:	siemens	model:	simatic wincc flexible	scope:	eq	version:	2004	Trust: 1.4
vendor:	siemens	model:	wincc flexible	scope:	eq	version:	2005	Trust: 1.0
vendor:	siemens	model:	wincc	scope:	lte	version:	v11	Trust: 1.0
vendor:	siemens	model:	wincc flexible	scope:	eq	version:	2007	Trust: 1.0
vendor:	siemens	model:	wincc flexible runtime	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	wincc flexible	scope:	eq	version:	2004	Trust: 1.0
vendor:	siemens	model:	wincc flexible	scope:	eq	version:	2008	Trust: 1.0
vendor:	siemens	model:	simatic hmi panels	scope:	eq	version:	comfort panels	Trust: 0.8
vendor:	siemens	model:	simatic hmi panels	scope:	eq	version:	mobile panels	Trust: 0.8
vendor:	siemens	model:	simatic wincc	scope:	lt	version:	v11 sp2 update 1	Trust: 0.8
vendor:	siemens	model:	simatic wincc flexible	scope:	lt	version:	2008 sp3	Trust: 0.8
vendor:	siemens	model:	simatic wincc flexible rumtime	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc runtime advanced	scope:	eq	version:	v11	Trust: 0.8
vendor:	wincc flexible	model:	-	scope:	eq	version:	2008	Trust: 0.6
vendor:	siemens	model:	simatic wincc flexible runtime	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc runtime advanced	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc flexible	scope:	eq	version:	2008	Trust: 0.6
vendor:	siemens	model:	simatic hmi panels	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc	scope:	eq	version:	v11	Trust: 0.6
vendor:	siemens	model:	wincc flexible runtime	scope:	-	version:	-	Trust: 0.6
vendor:	wincc	model:	-	scope:	eq	version:	v11	Trust: 0.4
vendor:	siemens	model:	simatic hmi smart options	scope:	eq	version:	0	Trust: 0.3
vendor:	siemens	model:	simatic hmi	scope:	eq	version:	0	Trust: 0.3
vendor:	wincc flexible	model:	-	scope:	eq	version:	2004	Trust: 0.2
vendor:	wincc flexible	model:	-	scope:	eq	version:	2005	Trust: 0.2
vendor:	wincc flexible	model:	-	scope:	eq	version:	2007	Trust: 0.2
vendor:	wincc	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	simatic hmi panels	model:	comfort panels	scope:	-	version:	-	Trust: 0.2
vendor:	simatic hmi panels	model:	mobile panels	scope:	-	version:	-	Trust: 0.2
vendor:	simatic hmi panels	model:	mp	scope:	-	version:	-	Trust: 0.2
vendor:	simatic hmi panels	model:	op	scope:	-	version:	-	Trust: 0.2
vendor:	simatic hmi panels	model:	tp	scope:	-	version:	-	Trust: 0.2
vendor:	wincc runtime advanced	model:	-	scope:	eq	version:	v11	Trust: 0.2
vendor:	wincc flexible runtime	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 28629d64-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0461 // BID: 51835 // JVNDB: JVNDB-2012-001313 // CNNVD: CNNVD-201202-086 // NVD: CVE-2011-4511

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4511
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4511
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201202-086
value:	MEDIUM
Trust: 0.6
IVD:	28629d64-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-52456
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2011-4511
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2011-4511
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
IVD:	28629d64-2354-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-52456
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 28629d64-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52456 // VULMON: CVE-2011-4511 // JVNDB: JVNDB-2012-001313 // CNNVD: CNNVD-201202-086 // NVD: CVE-2011-4511

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-52456 // JVNDB: JVNDB-2012-001313 // NVD: CVE-2011-4511

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-086

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201202-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001313

PATCH

title:	SSA-345442	url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf	Trust: 0.8
title:	ソリューションパートナー	url:	http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx	Trust: 0.8
title:	Top Page	url:	http://www.siemens.com/entry/jp/ja/	Trust: 0.8
title:	Patch for Siemens SIMATIC WinCC HMI Cross-Site Scripting Vulnerability (CNVD-2012-0461)	url:	https://www.cnvd.org.cn/patchInfo/show/9059	Trust: 0.6

sources: CNVD: CNVD-2012-0461 // JVNDB: JVNDB-2012-001313

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4511	Trust: 3.7
db:	ICS CERT	id:	ICSA-12-030-01	Trust: 3.5
db:	SIEMENS	id:	SSA-345442	Trust: 1.8
db:	CNNVD	id:	CNNVD-201202-086	Trust: 0.9
db:	CNVD	id:	CNVD-2012-0461	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-001313	Trust: 0.8
db:	NSFOCUS	id:	19403	Trust: 0.6
db:	ICS CERT	id:	ICSA-12-030-01A	Trust: 0.4
db:	BID	id:	51835	Trust: 0.4
db:	IVD	id:	28629D64-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-52456	Trust: 0.1
db:	VULMON	id:	CVE-2011-4511	Trust: 0.1

sources: IVD: 28629d64-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0461 // VULHUB: VHN-52456 // VULMON: CVE-2011-4511 // BID: 51835 // JVNDB: JVNDB-2012-001313 // CNNVD: CNNVD-201202-086 // NVD: CVE-2011-4511

REFERENCES

url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf	Trust: 3.5
url:	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4511	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4511	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/19403	Trust: 0.6
url:	http://www.automation.siemens.com/mcms/automation/en/human-machine-interface/pages/default.aspx	Trust: 0.3
url:	http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/51835	Trust: 0.1
url:	https://ics-cert.us-cert.gov/advisories/icsa-12-030-01a	Trust: 0.1

sources: CNVD: CNVD-2012-0461 // VULHUB: VHN-52456 // VULMON: CVE-2011-4511 // BID: 51835 // JVNDB: JVNDB-2012-001313 // CNNVD: CNNVD-201202-086 // NVD: CVE-2011-4511

CREDITS

Billy Rios, Terry McCorkle, Shawn Merdinger, and Luigi Auriemma.

Trust: 0.3

sources: BID: 51835

SOURCES

db:	IVD	id:	28629d64-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2012-0461
db:	VULHUB	id:	VHN-52456
db:	VULMON	id:	CVE-2011-4511
db:	BID	id:	51835
db:	JVNDB	id:	JVNDB-2012-001313
db:	CNNVD	id:	CNNVD-201202-086
db:	NVD	id:	CVE-2011-4511

LAST UPDATE DATE

2024-08-14T13:36:41.815000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-0461	date:	2012-02-07T00:00:00
db:	VULHUB	id:	VHN-52456	date:	2012-02-06T00:00:00
db:	VULMON	id:	CVE-2011-4511	date:	2012-02-06T00:00:00
db:	BID	id:	51835	date:	2012-04-18T21:20:00
db:	JVNDB	id:	JVNDB-2012-001313	date:	2012-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201202-086	date:	2012-02-07T00:00:00
db:	NVD	id:	CVE-2011-4511	date:	2012-02-06T05:00:00

SOURCES RELEASE DATE

db:	IVD	id:	28629d64-2354-11e6-abef-000c29c66e3d	date:	2012-02-07T00:00:00
db:	CNVD	id:	CNVD-2012-0461	date:	2012-02-07T00:00:00
db:	VULHUB	id:	VHN-52456	date:	2012-02-03T00:00:00
db:	VULMON	id:	CVE-2011-4511	date:	2012-02-03T00:00:00
db:	BID	id:	51835	date:	2012-01-30T00:00:00
db:	JVNDB	id:	JVNDB-2012-001313	date:	2012-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201202-086	date:	2012-02-07T00:00:00
db:	NVD	id:	CVE-2011-4511	date:	2012-02-03T20:55:01.407