Lucene search

CertccCVE-2011-4879

HistoryFeb 03, 2012 - 8:55 p.m.

CVE-2011-4879

2012-02-0320:55:02

CWE-20

certcc

web.nvd.nist.gov

siemens

wincc

hmi

miniweb.exe

cve-2011-4879

security vulnerability

remote attack

denial of service

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

AI Score

6.9

Confidence

Low

EPSS

0.024

Percentile

89.9%

JSON

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.

Affected configurations

Nvd

Node

siemenswincc_flexibleMatch2004

siemenswincc_flexibleMatch2005

siemenswincc_flexibleMatch2007

siemenswincc_flexibleMatch2008

siemenswincc_flexibleMatch2008sp1

siemenswincc_flexibleMatch2008sp2

Node

siemenswinccRange≤v11sp2

siemenswinccMatchv11

siemenswinccMatchv11sp1

Node

siemenssimatic_hmi_panelsMatchcomfort_panels

siemenssimatic_hmi_panelsMatchmobile_panels

siemenssimatic_hmi_panelsMatchmp

siemenssimatic_hmi_panelsMatchop

siemenssimatic_hmi_panelsMatchtp

Node

siemenswincc_runtime_advancedMatchv11

Node

siemenswincc_flexible_runtime

VendorProductVersionCPE
siemenswincc_flexible2004cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*
siemenswincc_flexible2005cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*
siemenswincc_flexible2007cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*
siemenswincc_flexible2008cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*
siemenswincc_flexible2008cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*
siemenswincc_flexible2008cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*
siemenswincc*cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*
siemenswinccv11cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*
siemenswinccv11cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*
siemenssimatic_hmi_panelscomfort_panelscpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	wincc_flexible	2004	cpe:2.3:a:siemens:wincc_flexible:2004:::::::*
siemens	wincc_flexible	2005	cpe:2.3:a:siemens:wincc_flexible:2005:::::::*
siemens	wincc_flexible	2007	cpe:2.3:a:siemens:wincc_flexible:2007:::::::*
siemens	wincc_flexible	2008	cpe:2.3:a:siemens:wincc_flexible:2008:::::::*
siemens	wincc_flexible	2008	cpe:2.3:a:siemens:wincc_flexible:2008:sp1::::::
siemens	wincc_flexible	2008	cpe:2.3:a:siemens:wincc_flexible:2008:sp2::::::
siemens	wincc	*	cpe:2.3:a:siemens:wincc::sp2::::::*
siemens	wincc	v11	cpe:2.3:a:siemens:wincc:v11:::::::*
siemens	wincc	v11	cpe:2.3:a:siemens:wincc:v11:sp1::::::
siemens	simatic_hmi_panels	comfort_panels	cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:::::::*