ID

VAR-201202-0047


CVE

CVE-2011-4512


TITLE

Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities

Trust: 0.9

sources: BID: 51836 // CNNVD: CNNVD-201202-087

DESCRIPTION

CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. plural Siemens Product HMI Web The server CRLF An injection vulnerability exists.By any third party HTTP Inserted header, and HTTP Response splitting attacks can be triggered. Siemens SIMATIC is an automation software in a single engineering environment. The HMI web server has a header injection vulnerability that allows elevation of privilege, stealing data or breaking services. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions

Trust: 2.7

sources: NVD: CVE-2011-4512 // JVNDB: JVNDB-2012-001314 // CNVD: CNVD-2012-0462 // BID: 51836 // IVD: 289d30d2-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52457

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 289d30d2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0462

AFFECTED PRODUCTS

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mp

Trust: 2.4

vendor:siemensmodel:simatic hmi panelsscope:eqversion:op

Trust: 2.4

vendor:siemensmodel:simatic hmi panelsscope:eqversion:tp

Trust: 2.4

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2007

Trust: 1.7

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2005

Trust: 1.7

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2004

Trust: 1.7

vendor:siemensmodel:simatic hmi panelsscope:eqversion:comfort_panels

Trust: 1.6

vendor:siemensmodel:wincc runtime advancedscope:eqversion:v11

Trust: 1.6

vendor:siemensmodel:winccscope:eqversion:v11

Trust: 1.6

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mobile_panels

Trust: 1.6

vendor:siemensmodel:wincc flexiblescope:eqversion:2005

Trust: 1.0

vendor:siemensmodel:winccscope:lteversion:v11

Trust: 1.0

vendor:siemensmodel:wincc flexiblescope:eqversion:2007

Trust: 1.0

vendor:siemensmodel:wincc flexible runtimescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:wincc flexiblescope:eqversion:2004

Trust: 1.0

vendor:siemensmodel:wincc flexiblescope:eqversion:2008

Trust: 1.0

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2008

Trust: 0.9

vendor:siemensmodel:simatic winccscope:eqversion:v11

Trust: 0.9

vendor:siemensmodel:simatic hmi panelsscope:eqversion:comfort panels

Trust: 0.8

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mobile panels

Trust: 0.8

vendor:siemensmodel:simatic winccscope:ltversion:v11 sp2 update 1

Trust: 0.8

vendor:siemensmodel:simatic wincc flexiblescope:ltversion:2008 sp3

Trust: 0.8

vendor:siemensmodel:simatic wincc flexible rumtimescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:v11

Trust: 0.8

vendor:wincc flexiblemodel: - scope:eqversion:2008

Trust: 0.6

vendor:siemensmodel:simatic wincc flexible runtimescope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic hmi panelsscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.6

vendor:siemensmodel:wincc flexible runtimescope: - version: -

Trust: 0.6

vendor:winccmodel: - scope:eqversion:v11

Trust: 0.4

vendor:siemensmodel:simatic wincc flexible runtimescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic winccscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi panelsscope:eqversion:0

Trust: 0.3

vendor:wincc flexiblemodel: - scope:eqversion:2004

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2005

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2007

Trust: 0.2

vendor:winccmodel: - scope:eqversion:*

Trust: 0.2

vendor:simatic hmi panelsmodel:comfort panelsscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:mobile panelsscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:mpscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:opscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:tpscope: - version: -

Trust: 0.2

vendor:wincc runtime advancedmodel: - scope:eqversion:v11

Trust: 0.2

vendor:wincc flexible runtimemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 289d30d2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0462 // BID: 51836 // JVNDB: JVNDB-2012-001314 // CNNVD: CNNVD-201202-087 // NVD: CVE-2011-4512

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4512
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4512
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201202-087
value: MEDIUM

Trust: 0.6

IVD: 289d30d2-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-52457
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4512
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 289d30d2-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52457
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 289d30d2-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52457 // JVNDB: JVNDB-2012-001314 // CNNVD: CNNVD-201202-087 // NVD: CVE-2011-4512

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-52457 // JVNDB: JVNDB-2012-001314 // NVD: CVE-2011-4512

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-087

TYPE

Code injection

Trust: 0.8

sources: IVD: 289d30d2-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201202-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001314

PATCH

title:SSA-345442url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 0.8

title:ソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title:Top Pageurl:http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title:Patch for Siemens SIMATIC WinCC HMI Header Injection Vulnerability (CNVD-2012-0462)url:https://www.cnvd.org.cn/patchInfo/show/9060

Trust: 0.6

sources: CNVD: CNVD-2012-0462 // JVNDB: JVNDB-2012-001314

EXTERNAL IDS

db:NVDid:CVE-2011-4512

Trust: 3.6

db:ICS CERTid:ICSA-12-030-01

Trust: 3.4

db:SIEMENSid:SSA-345442

Trust: 1.7

db:CNVDid:CNVD-2012-0462

Trust: 0.8

db:CNNVDid:CNNVD-201202-087

Trust: 0.8

db:JVNDBid:JVNDB-2012-001314

Trust: 0.8

db:NSFOCUSid:18633

Trust: 0.6

db:ICS CERTid:ICSA-12-030-01A

Trust: 0.3

db:BIDid:51836

Trust: 0.3

db:IVDid:289D30D2-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-52457

Trust: 0.1

sources: IVD: 289d30d2-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0462 // VULHUB: VHN-52457 // BID: 51836 // JVNDB: JVNDB-2012-001314 // CNNVD: CNNVD-201202-087 // NVD: CVE-2011-4512

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf

Trust: 3.4

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4512

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4512

Trust: 0.8

url:http://www.nsfocus.net/vulndb/18633

Trust: 0.6

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/pages/default.aspx

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf

Trust: 0.3

sources: CNVD: CNVD-2012-0462 // VULHUB: VHN-52457 // BID: 51836 // JVNDB: JVNDB-2012-001314 // CNNVD: CNNVD-201202-087 // NVD: CVE-2011-4512

CREDITS

ICS-CERT

Trust: 0.9

sources: BID: 51836 // CNNVD: CNNVD-201202-087

SOURCES

db:IVDid:289d30d2-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0462
db:VULHUBid:VHN-52457
db:BIDid:51836
db:JVNDBid:JVNDB-2012-001314
db:CNNVDid:CNNVD-201202-087
db:NVDid:CVE-2011-4512

LAST UPDATE DATE

2024-08-14T13:36:41.976000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0462date:2012-02-07T00:00:00
db:VULHUBid:VHN-52457date:2012-02-06T00:00:00
db:BIDid:51836date:2012-04-18T21:20:00
db:JVNDBid:JVNDB-2012-001314date:2012-02-08T00:00:00
db:CNNVDid:CNNVD-201202-087date:2012-02-07T00:00:00
db:NVDid:CVE-2011-4512date:2012-02-06T05:00:00

SOURCES RELEASE DATE

db:IVDid:289d30d2-2354-11e6-abef-000c29c66e3ddate:2012-02-07T00:00:00
db:CNVDid:CNVD-2012-0462date:2012-02-07T00:00:00
db:VULHUBid:VHN-52457date:2012-02-03T00:00:00
db:BIDid:51836date:2012-02-02T00:00:00
db:JVNDBid:JVNDB-2012-001314date:2012-02-08T00:00:00
db:CNNVDid:CNNVD-201202-087date:2012-02-07T00:00:00
db:NVDid:CVE-2011-4512date:2012-02-03T20:55:01.453