cvelistv5 - cve-2011-4509

▼	URL	Tags
	cret@cert.org	http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf	Vendor Advisory
	cret@cert.org	http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf	US Government Resource

▼	Vendor	Product
	n/a	n/a

ghsa-xrjh-j238-j8p7

Vulnerability from github

Published

2022-05-17 05:34

Modified

2022-05-17 05:34

Details

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-4509"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-02-03T20:55:00Z",
    "severity": "HIGH"
  },
  "details": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.",
  "id": "GHSA-xrjh-j238-j8p7",
  "modified": "2022-05-17T05:34:42Z",
  "published": "2022-05-17T05:34:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4509"
    },
    {
      "type": "WEB",
      "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

var-201202-0044

Vulnerability from variot

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The default management password exists for multiple Siemens SIMATIC products. The default account password for the WEB interface is \"Administrator: 100\", and the password \"100\" can also be used for the VNC service. If the user changes the password containing special characters, the system will put the password. Reset to \"100\". The following products are affected by this vulnerability: SIMATIC WinCC Flexible 2004 through 2008 SP2SIMATIC WinCC V11, V11 SP1, and V11 SP2 SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels Successful exploits allow an attacker to log in with user or administrator privileges Affect the system. An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201202-0044",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": "mp"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": "op"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "siemens",
        "version": "tp"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "2007"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "2005"
      },
      {
        "model": "simatic wincc flexible",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "2004"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 1.7,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "wincc",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "2007"
      },
      {
        "model": "wincc runtime advanced",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "comfort_panels"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "siemens",
        "version": "mobile_panels"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2005"
      },
      {
        "model": "wincc flexible",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2004"
      },
      {
        "model": "wincc flexible runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic wincc flexible sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "simatic wincc flexible sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "2008"
      },
      {
        "model": "simatic wincc flexible sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "2005"
      },
      {
        "model": "simatic wincc flexible runtime",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic wincc sp2",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic wincc sp1",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "comfort panels"
      },
      {
        "model": "simatic hmi panels",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "mobile panels"
      },
      {
        "model": "simatic wincc flexible rumtime",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "v11"
      },
      {
        "model": "wincc flexible runtime",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible",
        "version": "2004"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible",
        "version": "2005"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible",
        "version": "2007"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible",
        "version": "2008"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc",
        "version": "v11"
      },
      {
        "model": "comfort panels",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "mobile panels",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "mp",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "op",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": "tp",
        "scope": null,
        "trust": 0.2,
        "vendor": "simatic hmi panels",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc runtime advanced",
        "version": "v11"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "wincc flexible runtime",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Billy Rios and Terry McCorkle",
    "sources": [
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-4509",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2011-4509",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "2875d28a-2354-11e6-abef-000c29c66e3d",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-52454",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2011-4509",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-423",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "IVD",
            "id": "2875d28a-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52454",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The default management password exists for multiple Siemens SIMATIC products. The default account password for the WEB interface is \\\"Administrator: 100\\\", and the password \\\"100\\\" can also be used for the VNC service. If the user changes the password containing special characters, the system will put the password. Reset to \\\"100\\\". The following products are affected by this vulnerability: SIMATIC WinCC Flexible 2004 through 2008 SP2SIMATIC WinCC V11, V11 SP1, and V11 SP2 SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels Successful exploits allow an attacker to log in with user or administrator privileges Affect the system. \nAn attacker can exploit these issues to bypass intended security   restrictions and gain access to the affected application.  Successfully   exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52454"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4509",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-030-01",
        "trust": 2.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-345442",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423",
        "trust": 0.9
      },
      {
        "db": "BID",
        "id": "51177",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "18390",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-11-356-01",
        "trust": 0.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-12-030-01A",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "2875D28A-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52454",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52454"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ]
  },
  "id": "VAR-201202-0044",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52454"
      }
    ],
    "trust": 1.5622348525
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:22:07.472000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-345442",
        "trust": 0.8,
        "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
      },
      {
        "title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
        "trust": 0.8,
        "url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.siemens.com/entry/jp/ja/"
      },
      {
        "title": "Patch for multiple Siemens SIMATIC Product Verification Bypass Vulnerabilities (CNVD-2011-5449)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/72709"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
      },
      {
        "trust": 1.7,
        "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4509"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4509"
      },
      {
        "trust": 0.6,
        "url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/http"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/51177"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/18390"
      },
      {
        "trust": 0.3,
        "url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/pages/default.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/user-interface/pages/default.aspx"
      },
      {
        "trust": 0.3,
        "url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-356-01.pdf"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52454"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52454"
      },
      {
        "db": "BID",
        "id": "51177"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-26T00:00:00",
        "db": "IVD",
        "id": "2875d28a-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-12-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "date": "2012-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52454"
      },
      {
        "date": "2011-12-22T00:00:00",
        "db": "BID",
        "id": "51177"
      },
      {
        "date": "2012-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "date": "2012-02-03T20:55:01.297000",
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-03-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5449"
      },
      {
        "date": "2012-02-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52454"
      },
      {
        "date": "2012-04-18T21:20:00",
        "db": "BID",
        "id": "51177"
      },
      {
        "date": "2012-02-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      },
      {
        "date": "2012-02-06T05:00:00",
        "db": "NVD",
        "id": "CVE-2011-4509"
      },
      {
        "date": "2011-12-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Siemens Product  HMI Web Vulnerability to gain access rights on the server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-001311"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-423"
      }
    ],
    "trust": 0.6
  }
}

gsd-2011-4509

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.

Aliases

CVE-2011-4509

Aliases

CVE-2011-4509

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-4509",
    "description": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.",
    "id": "GSD-2011-4509"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-4509"
      ],
      "details": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.",
      "id": "GSD-2011-4509",
      "modified": "2023-12-13T01:19:05.492893Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2011-4509",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
            "refsource": "CONFIRM",
            "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
          },
          {
            "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
            "refsource": "MISC",
            "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2011-4509"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf",
              "refsource": "MISC",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
            },
            {
              "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2012-02-06T05:00Z",
      "publishedDate": "2012-02-03T20:55Z"
    }
  }
}

Action not permitted

cve-2011-4509

Vulnerability from cvelistv5

ghsa-xrjh-j238-j8p7

Vulnerability from github

var-201202-0044

Vulnerability from variot

gsd-2011-4509

Vulnerability from gsd

Tags