VAR-201202-0162
Vulnerability from variot - Updated: 2023-12-18 12:22Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad has multiple security vulnerabilities that allow an attacker to stop a service or crash a service in multiple ways. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port. Without the correct data segment length and Unicode string, a stack overflow can be triggered, causing arbitrary code execution. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 3.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 3.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 1.4,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible sp2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008*"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc flexible sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "v11"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4875"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma",
"sources": [
{
"db": "BID",
"id": "50828"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4875",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "28c3f672-2354-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-52820",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4875",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-090",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52820",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings. Miniweb has a security vulnerability that allows an attacker to submit a specially crafted HTTP POST request to allow the server to access any illegal memory area while checking the extension of the requested file. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. HmiLoad has multiple security vulnerabilities that allow an attacker to stop a service or crash a service in multiple ways. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. When the transfer mode is enabled, the runtime loader listens on the 2308/TCP or 50523/TCP port. Without the correct data segment length and Unicode string, a stack overflow can be triggered, causing arbitrary code execution. A directory traversal vulnerability exists in the HmiLoad server that allows reading, writing, and deleting arbitrary files outside of the specified directory. \nAttackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52820"
}
],
"trust": 6.3
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52820",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52820"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4875",
"trust": 4.6
},
{
"db": "BID",
"id": "50828",
"trust": 3.9
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090",
"trust": 1.9
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02A",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "18166",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "77380",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-5103",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5105",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5107",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-0465",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5110",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5108",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "61050C40-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "5E37BFA8-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "9FE8F34A-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "28C3F672-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "9C31ED38-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "9EF7B7BE-1F7D-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-72366",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-52820",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"id": "VAR-201202-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
}
],
"trust": 5.553665231428572
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 4.8
}
],
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
}
]
},
"last_update_date": "2023-12-18T12:22:07.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 file download vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72694"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 memory access vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72697"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72705"
},
{
"title": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 service crash vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/72689"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI String Stack Overflow Vulnerability (CNVD-2012-0465)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9071"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.9,
"url": "http://aluigi.altervista.org/adv/winccflex_1-adv.txt"
},
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"trust": 1.1,
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/77380"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71449"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4875"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4875"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50828"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"db": "VULHUB",
"id": "VHN-52820"
},
{
"db": "BID",
"id": "50828"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52820"
},
{
"date": "2011-11-28T00:00:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"date": "2012-02-03T20:55:01.907000",
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5108"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5110"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5103"
},
{
"date": "2016-03-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5107"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0465"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5105"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-52820"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "50828"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001317"
},
{
"date": "2017-08-29T01:30:37.130000",
"db": "NVD",
"id": "CVE-2011-4875"
},
{
"date": "2011-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-480"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Flexible Runtime \u0027HmiLoad.exe\u0027 Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5103"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "61050c40-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "5e37bfa8-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9fe8f34a-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "28c3f672-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9c31ed38-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "9ef7b7be-1f7d-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-090"
}
],
"trust": 1.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…