CVE-2011-4513 - Vulnerability Details - OpenCVE

Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.03428.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Simatic Hmi Panels Wincc Wincc Flexible Wincc Flexible Runtime Wincc Runtime Advanced

Configuration 1 [-]

OR	cpe:2.3:a:siemens:wincc_flexible:2004:::::::*
	cpe:2.3:a:siemens:wincc_flexible:2005:::::::*
	cpe:2.3:a:siemens:wincc_flexible:2007:::::::*
	cpe:2.3:a:siemens:wincc_flexible:2008:::::::*

Configuration 2 [-]

cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:mp:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:op:::::::*
	cpe:2.3:a:siemens:simatic_hmi_panels:tp:::::::*

Configuration 4 [-]

cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf
http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2012-02-03T20:00:00Z

Updated: 2024-09-16T22:31:15.150Z

Reserved: 2011-11-22T00:00:00Z

Link: CVE-2011-4513

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-02-03T20:55:01.513

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4513

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-03T20:00:00Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2011-4513", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"}, {"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf", "refsource": "MISC", "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:09:18.521Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-4513", "datePublished": "2012-02-03T20:00:00Z", "dateReserved": "2011-11-22T00:00:00Z", "dateUpdated": "2024-09-16T22:31:15.150Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*", "matchCriteriaId": "7D596C29-36F8-44F2-897D-FD107769E5A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*", "matchCriteriaId": "2D84E29A-4BC2-4229-83C3-D9F7A641D19C", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*", "matchCriteriaId": "9B3ADDE1-1F91-43E7-A3C3-3069916F4B23", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*", "matchCriteriaId": "1432EC7A-47B2-41D1-B90B-72DBB79AC266", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*", "matchCriteriaId": "18A9883B-80E1-4B2E-88DA-D2326AE3DC08", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*", "matchCriteriaId": "DC593746-B329-43EA-8CA1-AA56AC5A3B10", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*", "matchCriteriaId": "1DF877E8-A0D1-4444-99F2-8A3E8ED4D31B", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*", "matchCriteriaId": "442AC914-BDD5-4D0C-9E04-88F60EE2B730", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*", "matchCriteriaId": "D9749966-1666-4F7D-90D0-17AFBB88AE83", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*", "matchCriteriaId": "9471D239-08B1-4076-82F7-2B73F4E343CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*", "matchCriteriaId": "1AE3AE80-C7A2-4581-993A-536936F6D315", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F785262-BBFB-4A0C-A7DC-97F5D6B94BB0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader."}, {"lang": "es", "value": "Siemens WinCC flexible 2004, 2005, 2007 y 2008; WinCC V11 (TIA portal); TP, OP, MP, Comfort Panels y Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced y WinCC flexible Runtime permiten a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo de proyecto, relacionado con un servidor web y el cargador de tiempo de ejecuci\u00f3n (\"runtime loader\")."}], "id": "CVE-2011-4513", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-02-03T20:55:01.513", "references": [{"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}