Vulnerability Details : CVE-2011-4877
HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to cause a denial of service (application crash) by sending crafted data over TCP.
Vulnerability category: Input validationDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2011-4877
Probability of exploitation activity in the next 30 days: 4.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4877
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST |
CWE ids for CVE-2011-4877
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4877
- http://aluigi.org/adv/winccflex_1-adv.txt
-
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf
404 - File Not Found | CISA
-
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf
404 - File Not Found | CISA
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/71451
Siemens Simatic WinCC HmiLoad.exe denial of service undefined Vulnerability Report
-
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf
Vendor Advisory
-
http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf
404 - File Not Found | CISAUS Government Resource
-
http://www.exploit-db.com/exploits/18166
Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities - Windows dos Exploit
Products affected by CVE-2011-4877
- cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*