ID

VAR-201202-0048


CVE

CVE-2011-4513


TITLE

plural Siemens Vulnerabilities in products that allow arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-001315

DESCRIPTION

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader. plural Siemens The product includes HMI Web An arbitrary code execution vulnerability exists due to a flaw in processing related to the server and runtime loader.Crafted by attackers project An arbitrary code may be executed via the file. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. Social engineering is required to enable administrators to download files and execute them. SIMATIC Wincc Runtime Advanced is prone to a remote security vulnerability. Vulnerabilities exist in several versions of Siemens SIMATIC WinCC

Trust: 2.7

sources: NVD: CVE-2011-4513 // JVNDB: JVNDB-2012-001315 // CNVD: CNVD-2012-0463 // BID: 78355 // IVD: 28dd62b0-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52458

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 28dd62b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0463

AFFECTED PRODUCTS

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mp

Trust: 2.4

vendor:siemensmodel:simatic hmi panelsscope:eqversion:op

Trust: 2.4

vendor:siemensmodel:simatic hmi panelsscope:eqversion:tp

Trust: 2.4

vendor:siemensmodel:wincc flexiblescope:eqversion:2008

Trust: 1.9

vendor:siemensmodel:wincc flexiblescope:eqversion:2007

Trust: 1.9

vendor:siemensmodel:winccscope:eqversion:v11

Trust: 1.9

vendor:siemensmodel:simatic hmi panelsscope:eqversion:comfort_panels

Trust: 1.6

vendor:siemensmodel:wincc runtime advancedscope:eqversion:v11

Trust: 1.6

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mobile_panels

Trust: 1.6

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2008

Trust: 1.4

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2007

Trust: 1.4

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2005

Trust: 1.4

vendor:siemensmodel:simatic wincc flexiblescope:eqversion:2004

Trust: 1.4

vendor:siemensmodel:simatic winccscope:eqversion:v11

Trust: 1.4

vendor:siemensmodel:wincc flexiblescope:eqversion:2005

Trust: 1.3

vendor:siemensmodel:wincc flexiblescope:eqversion:2004

Trust: 1.3

vendor:siemensmodel:simatic wincc runtime advancedscope:eqversion:v11

Trust: 1.1

vendor:siemensmodel:wincc flexible runtimescope:eqversion:*

Trust: 1.0

vendor:siemensmodel:simatic hmi panelsscope:eqversion:comfort panels

Trust: 0.8

vendor:siemensmodel:simatic hmi panelsscope:eqversion:mobile panels

Trust: 0.8

vendor:siemensmodel:simatic wincc flexible rumtimescope: - version: -

Trust: 0.8

vendor:siemensmodel:simatic wincc flexible runtimescope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic wincc runtime advancedscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic hmi panelsscope: - version: -

Trust: 0.6

vendor:siemensmodel:simatic winccscope: - version: -

Trust: 0.6

vendor:siemensmodel:wincc flexible runtimescope: - version: -

Trust: 0.6

vendor:siemensmodel:wincc flexible runtimescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic hmi panels tpscope: - version: -

Trust: 0.3

vendor:siemensmodel:simatic hmi panels opscope: - version: -

Trust: 0.3

vendor:siemensmodel:simatic hmi panels mpscope: - version: -

Trust: 0.3

vendor:siemensmodel:simatic hmi panels mobile panelsscope: - version: -

Trust: 0.3

vendor:siemensmodel:simatic hmi panels comfort panelsscope: - version: -

Trust: 0.3

vendor:wincc flexiblemodel: - scope:eqversion:2004

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2005

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2007

Trust: 0.2

vendor:wincc flexiblemodel: - scope:eqversion:2008

Trust: 0.2

vendor:winccmodel: - scope:eqversion:v11

Trust: 0.2

vendor:simatic hmi panelsmodel:comfort panelsscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:mobile panelsscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:mpscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:opscope: - version: -

Trust: 0.2

vendor:simatic hmi panelsmodel:tpscope: - version: -

Trust: 0.2

vendor:wincc runtime advancedmodel: - scope:eqversion:v11

Trust: 0.2

vendor:wincc flexible runtimemodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 28dd62b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0463 // BID: 78355 // JVNDB: JVNDB-2012-001315 // CNNVD: CNNVD-201202-088 // NVD: CVE-2011-4513

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4513
value: HIGH

Trust: 1.0

NVD: CVE-2011-4513
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201202-088
value: CRITICAL

Trust: 0.6

IVD: 28dd62b0-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

VULHUB: VHN-52458
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4513
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 28dd62b0-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52458
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 28dd62b0-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52458 // JVNDB: JVNDB-2012-001315 // CNNVD: CNNVD-201202-088 // NVD: CVE-2011-4513

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2011-4513

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-088

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201202-088

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001315

PATCH

title:SSA-345442url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 0.8

title:ソリューションパートナーurl:http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title:Top Pageurl:http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title:Patch for Siemens SIMATIC WinCC HMI Vulnerability (CNVD-2012-0463)url:https://www.cnvd.org.cn/patchInfo/show/9061

Trust: 0.6

sources: CNVD: CNVD-2012-0463 // JVNDB: JVNDB-2012-001315

EXTERNAL IDS

db:NVDid:CVE-2011-4513

Trust: 3.6

db:ICS CERTid:ICSA-12-030-01

Trust: 3.4

db:SIEMENSid:SSA-345442

Trust: 2.0

db:CNVDid:CNVD-2012-0463

Trust: 0.8

db:CNNVDid:CNNVD-201202-088

Trust: 0.8

db:JVNDBid:JVNDB-2012-001315

Trust: 0.8

db:BIDid:78355

Trust: 0.4

db:IVDid:28DD62B0-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-52458

Trust: 0.1

sources: IVD: 28dd62b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0463 // VULHUB: VHN-52458 // BID: 78355 // JVNDB: JVNDB-2012-001315 // CNNVD: CNNVD-201202-088 // NVD: CVE-2011-4513

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf

Trust: 3.4

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4513

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4513

Trust: 0.8

sources: CNVD: CNVD-2012-0463 // VULHUB: VHN-52458 // BID: 78355 // JVNDB: JVNDB-2012-001315 // CNNVD: CNNVD-201202-088 // NVD: CVE-2011-4513

CREDITS

Unknown

Trust: 0.3

sources: BID: 78355

SOURCES

db:IVDid:28dd62b0-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2012-0463
db:VULHUBid:VHN-52458
db:BIDid:78355
db:JVNDBid:JVNDB-2012-001315
db:CNNVDid:CNNVD-201202-088
db:NVDid:CVE-2011-4513

LAST UPDATE DATE

2024-08-14T13:36:42.018000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2012-0463date:2012-02-07T00:00:00
db:VULHUBid:VHN-52458date:2012-02-06T00:00:00
db:BIDid:78355date:2012-02-03T00:00:00
db:JVNDBid:JVNDB-2012-001315date:2012-02-08T00:00:00
db:CNNVDid:CNNVD-201202-088date:2012-02-13T00:00:00
db:NVDid:CVE-2011-4513date:2012-02-06T05:00:00

SOURCES RELEASE DATE

db:IVDid:28dd62b0-2354-11e6-abef-000c29c66e3ddate:2012-02-07T00:00:00
db:CNVDid:CNVD-2012-0463date:2012-02-07T00:00:00
db:VULHUBid:VHN-52458date:2012-02-03T00:00:00
db:BIDid:78355date:2012-02-03T00:00:00
db:JVNDBid:JVNDB-2012-001315date:2012-02-08T00:00:00
db:CNNVDid:CNNVD-201202-088date:2012-02-07T00:00:00
db:NVDid:CVE-2011-4513date:2012-02-03T20:55:01.513