CVE-2011-4508

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0930%

EPSS Percentile17.22th

Published2012年2月3日

Last Modified2026年4月29日

Vulnerability Description

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication tokens for cookies, which makes it easier for remote attackers to bypass authentication via a crafted cookie.

Affected Platforms (CPE)

📦

Siemens

Wincc Flexible

= 2004

📦

Siemens

Wincc Flexible

= 2005

📦

Siemens

Wincc Flexible

= 2007

📦

Siemens

Wincc Flexible

= 2008

📦

Siemens

Wincc Flexible

= 2008

📦

Siemens

Wincc Flexible

= 2008

📦

Siemens

Wincc

<= v11

📦

Siemens

Wincc

= v11

📦

Siemens

Wincc

= v11

📦

Siemens

Simatic Hmi Panels

= comfort_panels

📦

Siemens

Simatic Hmi Panels

= mobile_panels

📦

Siemens

Simatic Hmi Panels

= mp

📦

Siemens

Simatic Hmi Panels

= op

📦

Siemens

Simatic Hmi Panels

= tp

📦

Siemens

Wincc Runtime Advanced

= v11

📦

Siemens

Wincc Flexible Runtime

All versions

References & Advisories

🔗 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

🔗 http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf

🔗 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf

🔗 http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf

Vulnerability Description

Affected Platforms (CPE)

Wincc Flexible

Wincc Flexible

Wincc Flexible

Wincc Flexible

Wincc Flexible

Wincc Flexible

Wincc

Wincc

Wincc

Simatic Hmi Panels

Simatic Hmi Panels

Simatic Hmi Panels

Simatic Hmi Panels

Simatic Hmi Panels

Wincc Runtime Advanced

Wincc Flexible Runtime

References & Advisories

関連する脆弱性情報