FKIE_CVE-2011-4509

Vulnerability from fkie_nvd - Published: 2012-02-03 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
References
cret@cert.orghttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdfVendor Advisory
cret@cert.orghttp://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdfUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdfUS Government Resource
Impacted products
Vendor Product Version
siemens wincc_flexible 2004
siemens wincc_flexible 2005
siemens wincc_flexible 2007
siemens wincc_flexible 2008
siemens wincc v11
siemens simatic_hmi_panels comfort_panels
siemens simatic_hmi_panels mobile_panels
siemens simatic_hmi_panels mp
siemens simatic_hmi_panels op
siemens simatic_hmi_panels tp
siemens wincc_runtime_advanced v11
siemens wincc_flexible_runtime *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
              "matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
              "matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests."
    },
    {
      "lang": "es",
      "value": "El servidor web HMI en Siemens WinCC flexible v2004, v2005, v2007 y v2008; WinCC V11 (tambi\u00e9n conocido como TIA Portal), el TP, OP, MP, Comfort Panels, y los paneles de Mobile Panels SIMATIC HMI, WinCC V11 Runtime Advanced, y WinCC Runtime, tiene una contrase\u00f1a por defecto mal seleccionado para la cuenta de administrador, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso usando fuerza bruta mediante el uso de gran cantidad de peticiones HTTP."
    }
  ],
  "id": "CVE-2011-4509",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-02-03T20:55:01.297",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.