var-201202-0044
Vulnerability from variot
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The default management password exists for multiple Siemens SIMATIC products. The default account password for the WEB interface is \"Administrator: 100\", and the password \"100\" can also be used for the VNC service. If the user changes the password containing special characters, the system will put the password. Reset to \"100\". The following products are affected by this vulnerability: SIMATIC WinCC Flexible 2004 through 2008 SP2SIMATIC WinCC V11, V11 SP1, and V11 SP2 SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels Successful exploits allow an attacker to log in with user or administrator privileges Affect the system. An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0044",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc sp2",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc sp1",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4509"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Terry McCorkle",
"sources": [
{
"db": "BID",
"id": "51177"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4509",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4509",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "2875d28a-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52454",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4509",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-423",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52454",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The default management password exists for multiple Siemens SIMATIC products. The default account password for the WEB interface is \\\"Administrator: 100\\\", and the password \\\"100\\\" can also be used for the VNC service. If the user changes the password containing special characters, the system will put the password. Reset to \\\"100\\\". The following products are affected by this vulnerability: SIMATIC WinCC Flexible 2004 through 2008 SP2SIMATIC WinCC V11, V11 SP1, and V11 SP2 SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels Successful exploits allow an attacker to log in with user or administrator privileges Affect the system. \nAn attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The Siemens SIMATIC HMI product family is used as the human-machine interface between the corresponding PLC and the operator",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52454"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4509",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 2.5
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423",
"trust": 0.9
},
{
"db": "BID",
"id": "51177",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-5449",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18390",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-11-356-01",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "2875D28A-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52454",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"id": "VAR-201202-0044",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
}
],
"trust": 1.5622348525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
}
]
},
"last_update_date": "2023-12-18T12:22:07.472000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for multiple Siemens SIMATIC Product Verification Bypass Vulnerabilities (CNVD-2011-5449)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4509"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4509"
},
{
"trust": 0.6,
"url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/http"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/51177"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18390"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/user-interface/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-11-356-01.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"db": "VULHUB",
"id": "VHN-52454"
},
{
"db": "BID",
"id": "51177"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-26T00:00:00",
"db": "IVD",
"id": "2875d28a-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52454"
},
{
"date": "2011-12-22T00:00:00",
"db": "BID",
"id": "51177"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"date": "2012-02-03T20:55:01.297000",
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5449"
},
{
"date": "2012-02-06T00:00:00",
"db": "VULHUB",
"id": "VHN-52454"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51177"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001311"
},
{
"date": "2012-02-06T05:00:00",
"db": "NVD",
"id": "CVE-2011-4509"
},
{
"date": "2011-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Vulnerability to gain access rights on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001311"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-423"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.