VAR-201202-0165
Vulnerability from variot - Updated: 2023-12-18 12:22Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. plural Siemens Product HMI Web Server miniweb.exe Contains a directory traversal vulnerability.By a third party ..%5c ( Dot dot backslash ) including URI Any file may be read via. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. The HMI web server listening on TCP ports 80 and 443 does not correctly verify the URL in the HTTP request, and builds a URL containing a specially crafted slash to perform a directory traversal attack and read any file in the file system. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. A remote attacker can exploit this vulnerability to read arbitrary files by means of ../ (dotted backslashes) in the URL
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201202-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "mp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "tp"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 2.4,
"vendor": "siemens",
"version": "op"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2005"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2004"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 1.7,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc runtime advanced",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "comfort_panels"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": "mobile_panels"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2008"
},
{
"model": "wincc",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "v11"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2005"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2007"
},
{
"model": "wincc flexible",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2004"
},
{
"model": "wincc flexible runtime",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic wincc flexible",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "2008"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.9,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "sp2 update 1"
},
{
"model": "simatic wincc",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "v11\\\\"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "comfort panels"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "v11"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": "mobile panels"
},
{
"model": "simatic wincc flexible rumtime",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "wincc flexible",
"version": "2008"
},
{
"model": "simatic hmi panels",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc runtime advanced",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "wincc flexible runtime",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "wincc",
"version": "v11"
},
{
"model": "simatic wincc flexible runtime",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic wincc",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "simatic hmi panels",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2004"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2005"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible",
"version": "2007"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc",
"version": "*"
},
{
"model": "comfort panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mobile panels",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "mp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "op",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": "tp",
"scope": null,
"trust": 0.2,
"vendor": "simatic hmi panels",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc runtime advanced",
"version": "v11"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wincc flexible runtime",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v11",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4878"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ICS-CERT",
"sources": [
{
"db": "BID",
"id": "51836"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2011-4878",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "2848847e-2354-11e6-abef-000c29c66e3d",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52823",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4878",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201202-093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52823",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI. plural Siemens Product HMI Web Server miniweb.exe Contains a directory traversal vulnerability.By a third party ..%5c ( Dot dot backslash ) including URI Any file may be read via. Siemens SIMATIC is an automation software in a single engineering environment. A security vulnerability exists in the Siemens SIMATIC WinCC HMI web server. The HMI web server listening on TCP ports 80 and 443 does not correctly verify the URL in the HTTP request, and builds a URL containing a specially crafted slash to perform a directory traversal attack and read any file in the file system. Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. \nA remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. A remote attacker can exploit this vulnerability to read arbitrary files by means of ../ (dotted backslashes) in the URL",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52823"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52823",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52823"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4878",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-345442",
"trust": 1.7
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02A",
"trust": 1.1
},
{
"db": "ICS CERT ALERT",
"id": "ICS-ALERT-11-332-02",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "18166",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "77383",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2012-0468",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320",
"trust": 0.8
},
{
"db": "NSFOCUS",
"id": "18633",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-12-030-01A",
"trust": 0.3
},
{
"db": "BID",
"id": "51836",
"trust": 0.3
},
{
"db": "IVD",
"id": "2848847E-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52823",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"id": "VAR-201202-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
}
],
"trust": 1.494686884
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
}
]
},
"last_update_date": "2023-12-18T12:22:07.582000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-345442",
"trust": 0.8,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"title": "\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc",
"trust": 0.8,
"url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.siemens.com/entry/jp/ja/"
},
{
"title": "Patch for Siemens SIMATIC WinCC HMI Directory Traversal Vulnerability (CNVD-2012-0468)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/9074"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01.pdf"
},
{
"trust": 1.7,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/18166"
},
{
"trust": 1.1,
"url": "http://aluigi.org/adv/winccflex_1-adv.txt"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02.pdf"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/control_systems/pdf/ics-alert-11-332-02a.pdf"
},
{
"trust": 1.1,
"url": "http://www.osvdb.org/77383"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71452"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4878"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4878"
},
{
"trust": 0.6,
"url": "http://aluigi.altervista.org/adv/winccflex_1-adv.txt"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18633"
},
{
"trust": 0.3,
"url": "http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/scada/pages/default.aspx"
},
{
"trust": 0.3,
"url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-030-01a.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"db": "VULHUB",
"id": "VHN-52823"
},
{
"db": "BID",
"id": "51836"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"date": "2012-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-52823"
},
{
"date": "2012-02-02T00:00:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"date": "2012-02-03T20:55:02.030000",
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-02-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0468"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-52823"
},
{
"date": "2012-04-18T21:20:00",
"db": "BID",
"id": "51836"
},
{
"date": "2012-02-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001320"
},
{
"date": "2017-08-29T01:30:37.350000",
"db": "NVD",
"id": "CVE-2011-4878"
},
{
"date": "2012-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Siemens Product HMI Web Server traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001320"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "2848847e-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201202-093"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…