Lucene search

[email protected]CVE-2011-3321

HistorySep 16, 2011 - 12:35 p.m.

CVE-2011-3321

2011-09-1612:35:26

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-3321

siemens

wincc

runtime

advanced loader

buffer overflow

denial of service

memory corruption

arbitrary code

tcp port 2308

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.6 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.

Affected configurations

NVD

Node

siemenssimatic_wincc_flexible_runtime

siemenssimatic_wincc_runtimeMatch-advanced

CPENameOperatorVersion
siemens:simatic_wincc_flexible_runtimesiemens simatic wincc flexible runtimeeq*
siemens:simatic_wincc_runtimesiemens simatic wincc runtimeeq-

CPE	Name	Operator	Version
siemens:simatic_wincc_flexible_runtime	siemens simatic wincc flexible runtime	eq	*
siemens:simatic_wincc_runtime	siemens simatic wincc runtime	eq	-

References

cache.automation.siemens.com/dnl/jI/jI0NDY5AAAA_29054992_FAQ/Siemens_Security_Advisory_SSA-460621_V1_2.pdf

secunia.com/advisories/46011

support.automation.siemens.com/WW/view/en/29054992

www.us-cert.gov/control_systems/pdf/ICSA-11-244-01.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/69803

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.6 High

AI Score

Confidence

High

0.05 Low

EPSS

Percentile

92.9%

JSON

Related for CVE-2011-3321

ics1 cvelist1 nvd1 prion1