CVE-2011-4879

miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not properly handle UR...

Directory traversal

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 aka TIA portal before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexibl...

CVE-2011-4878

Siemens WinCC/HMI Web Server is vulnerable to a directory traversal in the HMI web server component (miniweb.exe) affecting WinCC flexible 2004–2008, WinCC V11 (TIA Portal) before SP2 Update 1, and related SIMATIC HMI panels and runtimes. Root cause: improper validation of HTTP/URI strings allows...

CVE-2011-4879

Siemens WinCC/HMI Web Server vulnerability CVE-2011-4879: the HMI web server (miniweb.exe) fails to properly handle URIs beginning with 0xfa, enabling remote memory reads or DoS via crafted POST requests. Affected products include WinCC flexible 2004–2008 (pre-SP3), WinCC V11 (TIA Portal) before ...