CVE-2011-4509

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf	Vendor Advisory
http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:wincc_flexible:2004:::::::*
	cpe:2.3:a:siemens:wincc_flexible:2005:::::::*
	cpe:2.3:a:siemens:wincc_flexible:2007:::::::*
	cpe:2.3:a:siemens:wincc_flexible:2008:::::::*

Configuration 2 (hide)

cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:mp:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:op:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:tp:::::::*

Configuration 4 (hide)

cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-02-03 20:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-4509

Mitre link : CVE-2011-4509

CVE.ORG link : CVE-2011-4509

JSON object : View

Products Affected

siemens

wincc_flexible
wincc
wincc_flexible_runtime
wincc_runtime_advanced
simatic_hmi_panels

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2011-4509", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-02-03T20:55:01.297", "references": [{"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", "tags": ["US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests."}, {"lang": "es", "value": "El servidor web HMI en Siemens WinCC flexible v2004, v2005, v2007 y v2008; WinCC V11 (tambi\u00e9n conocido como TIA Portal), el TP, OP, MP, Comfort Panels, y los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Runtime Advanced, y WinCC Runtime, tiene una contrase\u00f1a por defecto mal seleccionado para la cuenta de administrador, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso usando fuerza bruta mediante el uso de gran cantidad de peticiones HTTP."}], "lastModified": "2012-02-06T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9"}, {"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C"}, {"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23"}, {"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10"}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B"}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730"}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83"}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}