ID

VAR-201202-0165


CVE

CVE-2011-4878


TITLE

Multiple Siemens Products HMI Web Server Traversal Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-001320

DESCRIPTION

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. miniweb.exe in the HMI web server of multiple Siemens products contains a directory traversal vulnerability. A third party may read arbitrary files via a URI that includes ..%5c (dot dot backslash). Siemens SIMATIC is automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. The HMI web server listening on TCP ports 80 and 443 does not correctly verify the URL in the HTTP request, so an attacker can build a URL containing a specially crafted slash to perform a directory traversal attack and read any file in the file system. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. A remote attacker can exploit this vulnerability to read arbitrary files by means of ../ (dotted backslashes) in the URL.

Trust: 2.7

sources: NVD: CVE-2011-4878 // JVNDB: JVNDB-2012-001320 // CNVD: CNVD-2012-0468 // BID: 51836 // IVD: 2848847e-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52823

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 0.8

sources: IVD: 2848847e-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0468

AFFECTED PRODUCTS

vendor: siemens | model: simatic hmi panels | scope: eq | version: mp

Trust: 2.4

vendor: siemens | model: simatic hmi panels | scope: eq | version: tp

Trust: 2.4

vendor: siemens | model: simatic hmi panels | scope: eq | version: op

Trust: 2.4

vendor: siemens | model: simatic wincc flexible | scope: eq | version: 2005

Trust: 1.7

vendor: siemens | model: simatic wincc flexible | scope: eq | version: 2004

Trust: 1.7

vendor: siemens | model: simatic wincc flexible | scope: eq | version: 2007

Trust: 1.7

vendor: siemens | model: simatic hmi panels | scope: eq | version: comfort_panels

Trust: 1.6

vendor: siemens | model: wincc runtime advanced | scope: eq | version: v11

Trust: 1.6

vendor: siemens | model: wincc | scope: eq | version: v11

Trust: 1.6

vendor: siemens | model: simatic hmi panels | scope: eq | version: mobile_panels

Trust: 1.6

vendor: siemens | model: wincc flexible | scope: eq | version: 2005

Trust: 1.0

vendor: siemens | model: wincc | scope: lte | version: v11

Trust: 1.0

vendor: siemens | model: wincc flexible | scope: eq | version: 2007

Trust: 1.0

vendor: siemens | model: wincc flexible runtime | scope: eq | version: *

Trust: 1.0

vendor: siemens | model: wincc flexible | scope: eq | version: 2004

Trust: 1.0

vendor: siemens | model: wincc flexible | scope: eq | version: 2008

Trust: 1.0

vendor: siemens | model: simatic wincc flexible | scope: eq | version: 2008

Trust: 0.9

vendor: siemens | model: simatic wincc | scope: eq | version: v11

Trust: 0.9

vendor: siemens | model: simatic wincc | scope: eq | version: sp2 update 1

Trust: 0.8

vendor: siemens | model: simatic wincc | scope: lt | version: v11\\

Trust: 0.8

vendor: siemens | model: simatic hmi panels | scope: eq | version: comfort panels

Trust: 0.8

vendor: siemens | model: simatic wincc runtime advanced | scope: eq | version: v11

Trust: 0.8

vendor: siemens | model: simatic hmi panels | scope: eq | version: mobile panels

Trust: 0.8

vendor: siemens | model: simatic wincc flexible rumtime | scope: - | version: -

Trust: 0.8

vendor: wincc flexible | model: - | scope: eq | version: 2008

Trust: 0.6

vendor: siemens | model: simatic hmi panels | scope: - | version: -

Trust: 0.6

vendor: siemens | model: simatic wincc flexible runtime | scope: - | version: -

Trust: 0.6

vendor: siemens | model: simatic wincc runtime advanced | scope: - | version: -

Trust: 0.6

vendor: siemens | model: simatic wincc | scope: - | version: -

Trust: 0.6

vendor: siemens | model: wincc flexible runtime | scope: - | version: -

Trust: 0.6

vendor: wincc | model: - | scope: eq | version: v11

Trust: 0.4

vendor: siemens | model: simatic wincc flexible runtime | scope: eq | version: 0

Trust: 0.3

vendor: siemens | model: simatic wincc runtime advanced | scope: eq | version: 0

Trust: 0.3

vendor: siemens | model: simatic wincc | scope: eq | version: 0

Trust: 0.3

vendor: siemens | model: simatic hmi panels | scope: eq | version: 0

Trust: 0.3

vendor: wincc flexible | model: - | scope: eq | version: 2004

Trust: 0.2

vendor: wincc flexible | model: - | scope: eq | version: 2005

Trust: 0.2

vendor: wincc flexible | model: - | scope: eq | version: 2007

Trust: 0.2

vendor: wincc | model: - | scope: eq | version: *

Trust: 0.2

vendor: simatic hmi panels | model: comfort panels | scope: - | version: -

Trust: 0.2

vendor: simatic hmi panels | model: mobile panels | scope: - | version: -

Trust: 0.2

vendor: simatic hmi panels | model: mp | scope: - | version: -

Trust: 0.2

vendor: simatic hmi panels | model: op | scope: - | version: -

Trust: 0.2

vendor: simatic hmi panels | model: tp | scope: - | version: -

Trust: 0.2

vendor: wincc runtime advanced | model: - | scope: eq | version: v11

Trust: 0.2

vendor: wincc flexible runtime | model: - | scope: eq | version: *

Trust: 0.2

sources: IVD: 2848847e-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0468 // BID: 51836 // JVNDB: JVNDB-2012-001320 // CNNVD: CNNVD-201202-093 // NVD: CVE-2011-4878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4878
value: HIGH

Trust: 1.0

NVD: CVE-2011-4878
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201202-093
value: HIGH

Trust: 0.6

IVD: 2848847e-2354-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-52823
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-4878
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: 2848847e-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-52823
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 2848847e-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-52823 // JVNDB: JVNDB-2012-001320 // CNNVD: CNNVD-201202-093 // NVD: CVE-2011-4878

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-52823 // JVNDB: JVNDB-2012-001320 // NVD: CVE-2011-4878

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-093

TYPE

Path traversal

Trust: 0.8

sources: IVD: 2848847e-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201202-093

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-001320

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-52823

PATCH

title: SSA-345442 | url: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 0.8

title: Solution Partner | url: http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx

Trust: 0.8

title: Top Page | url: http://www.siemens.com/entry/jp/ja/

Trust: 0.8

title: Patch for Siemens SIMATIC WinCC HMI Directory Traversal Vulnerability (CNVD-2012-0468) | url: https://www.cnvd.org.cn/patchInfo/show/9074

Trust: 0.6

sources: CNVD: CNVD-2012-0468 // JVNDB: JVNDB-2012-001320

EXTERNAL IDS

db: NVD | id: CVE-2011-4878

Trust: 3.6

db: ICS CERT | id: ICSA-12-030-01

Trust: 3.4

db: SIEMENS | id: SSA-345442

Trust: 1.7

db: ICS CERT ALERT | id: ICS-ALERT-11-332-02A

Trust: 1.1

db: ICS CERT ALERT | id: ICS-ALERT-11-332-02

Trust: 1.1

db: EXPLOIT-DB | id: 18166

Trust: 1.1

db: OSVDB | id: 77383

Trust: 1.1

db: CNNVD | id: CNNVD-201202-093

Trust: 0.9

db: CNVD | id: CNVD-2012-0468

Trust: 0.8

db: JVNDB | id: JVNDB-2012-001320

Trust: 0.8

db: NSFOCUS | id: 18633

Trust: 0.6

db: ICS CERT | id: ICSA-12-030-01A

Trust: 0.3

db: BID | id: 51836

Trust: 0.3

db: IVD | id: 2848847E-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-52823

Trust: 0.1

sources: IVD: 2848847e-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-0468 // VULHUB: VHN-52823 // BID: 51836 // JVNDB: JVNDB-2012-001320 // CNNVD: CNNVD-201202-093 // NVD: CVE-2011-4878

REFERENCES

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf

Trust: 3.4

url:http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

Trust: 1.7

url:http://www.exploit-db.com/exploits/18166

Trust: 1.1

url:http://aluigi.org/adv/winccflex_1-adv.txt

Trust: 1.1

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf

Trust: 1.1

url:http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf

Trust: 1.1

url:http://www.osvdb.org/77383

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/71452

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4878

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4878

Trust: 0.8

url:http://aluigi.altervista.org/adv/winccflex_1-adv.txt

Trust: 0.6

url:http://www.nsfocus.net/vulndb/18633

Trust: 0.6

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/pages/default.aspx

Trust: 0.3

url:http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf

Trust: 0.3

sources: CNVD: CNVD-2012-0468 // VULHUB: VHN-52823 // BID: 51836 // JVNDB: JVNDB-2012-001320 // CNNVD: CNNVD-201202-093 // NVD: CVE-2011-4878

CREDITS

ICS-CERT

Trust: 0.9

sources: BID: 51836 // CNNVD: CNNVD-201202-093

SOURCES

db: IVD | id: 2848847e-2354-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2012-0468
db: VULHUB | id: VHN-52823
db: BID | id: 51836
db: JVNDB | id: JVNDB-2012-001320
db: CNNVD | id: CNNVD-201202-093
db: NVD | id: CVE-2011-4878

LAST UPDATE DATE

2024-08-14T13:36:41.530000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2012-0468 | date: 2012-02-07T00:00:00
db: VULHUB | id: VHN-52823 | date: 2017-08-29T00:00:00
db: BID | id: 51836 | date: 2012-04-18T21:20:00
db: JVNDB | id: JVNDB-2012-001320 | date: 2012-02-08T00:00:00
db: CNNVD | id: CNNVD-201202-093 | date: 2012-02-07T00:00:00
db: NVD | id: CVE-2011-4878 | date: 2017-08-29T01:30:37.350

SOURCES RELEASE DATE

db: IVD | id: 2848847e-2354-11e6-abef-000c29c66e3d | date: 2012-02-07T00:00:00
db: CNVD | id: CNVD-2012-0468 | date: 2012-02-07T00:00:00
db: VULHUB | id: VHN-52823 | date: 2012-02-03T00:00:00
db: BID | id: 51836 | date: 2012-02-02T00:00:00
db: JVNDB | id: JVNDB-2012-001320 | date: 2012-02-08T00:00:00
db: CNNVD | id: CNNVD-201202-093 | date: 2012-02-07T00:00:00
db: NVD | id: CVE-2011-4878 | date: 2012-02-03T20:55:02.030