830 matches found
Directory traversal
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is...
CVE-2011-4511
Cross-site scripting XSS vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime...
CVE-2011-4510
Cross-site scripting XSS vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime...
CVE-2011-4508
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime generates predictable authentication token...
CVE-2011-4877
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cau...
CVE-2011-4878
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexibl...
CVE-2011-4875
CVE-2011-4875 corresponds to a stack-based buffer overflow in the HmiLoad runtime loader of Siemens WinCC flexible (versions 2004, 2005, 2007, 2008) and WinCC V11 (TIA Portal) including SIMATIC HMI panels and WinCC V11 Runtime Advanced. The root cause is improper handling/validation of Unicode st...
CVE-2011-4514
The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attacker...
CVE-2011-4513
CVE-2011-4513 affects Siemens WinCC Flexible (2004–2008), WinCC V11 (TIA Portal), SIMATIC HMI panels (TP/OP/MP/Comfort/Mobile), and WinCC Runtime Advanced/Flexible Runtime. The vulnerability allows user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the...
CVE-2011-4508
CVE-2011-4508: Insecure, predictable authentication token generation in Siemens WinCC/HMI web servers (WinCC flexible 2004–2008 before SP3; WinCC V11 before SP2 Update 1; and related HMI panels) allows remote attackers to bypass authentication by crafting cookies. Affected components include HMI ...
CVE-2011-4514
CVE-2011-4514 concerns the TELNET daemon in Siemens WinCC flexible (2004–2008) and WinCC V11 (TIA Portal), plus related SIMATIC HMI panels, which does not perform authentication, enabling remote access via TCP sessions. Affected products include WinCC flexible 2004/2005/2007/2008, WinCC V11, TP/O...
CVE-2011-4512
CVE-2011-4512 is a CRLF/header-injection vulnerability in the Siemens SIMATIC WinCC/HMI web server. Affected products include WinCC flexible 2004/2005/2007/2008 before SP3; WinCC V11 (TIA Portal) before SP2 Update 1; multiple SIMATIC HMI panels (TP/OP/MP/Comfort/Mobile); WinCC V11 Runtime Advance...
CVE-2011-4876
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is...
CVE-2011-4879
miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle UR...
CVE-2011-4513
Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allow user-assisted remote attackers to execute arbitrary code via a crafted project file,...
CVE-2011-4511
CVE-2011-4511 is a cross-site scripting (XSS) vulnerability in the Siemens SIMATIC WinCC HMI web server. Affected products (per ICS-CERT) include WinCC flexible 2004/2005/2007/2008 (before SP3), WinCC V11 (TIA Portal) before SP2 Update 1, and multiple SIMATIC HMI panels plus WinCC V11 Runtime Adv...
CVE-2011-4877
CVE-2011-4877 affects Siemens WinCC flexible products (2004–2008) and related SIMATIC HMI panels, WinCC V11 Runtime Advanced, and WinCC flexible Runtime. The issue lies in HmiLoad in the runtime loader; when Transfer Mode is enabled, sending crafted data over TCP can cause a remote denial of serv...
CVE-2011-4509
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 aka TIA portal; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account...
CVE-2011-4879
Siemens WinCC/HMI Web Server vulnerability CVE-2011-4879: the HMI web server (miniweb.exe) fails to properly handle URIs beginning with 0xfa, enabling remote memory reads or DoS via crafted POST requests. Affected products include WinCC flexible 2004–2008 (pre-SP3), WinCC V11 (TIA Portal) before ...
CVE-2011-4878
Siemens WinCC/HMI Web Server is vulnerable to a directory traversal in the HMI web server component (miniweb.exe) affecting WinCC flexible 2004–2008, WinCC V11 (TIA Portal) before SP2 Update 1, and related SIMATIC HMI panels and runtimes. Root cause: improper validation of HTTP/URI strings allows...