Vulnerability Details : CVE-2011-4879
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle URIs beginning with a 0xfa character, which allows remote attackers to read data from arbitrary memory locations or cause a denial of service (application crash) via a crafted POST request.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-4879
Probability of exploitation activity in the next 30 days: 2.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4879
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
8.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:N/A:C |
10.0
|
7.8
|
NIST |
CWE ids for CVE-2011-4879
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4879
- http://aluigi.org/adv/winccflex_1-adv.txt
-
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf
404 - File Not Found | CISA
-
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf
404 - File Not Found | CISA
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/71453
Siemens Simatic WinCC miniweb.exe denial of service CVE-2011-4879 Vulnerability Report
-
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf
Vendor Advisory
-
http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf
404 - File Not Found | CISAUS Government Resource
-
http://www.exploit-db.com/exploits/18166
Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities - Windows dos Exploit
Products affected by CVE-2011-4879
- cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*