Multiple Siemens SIMATIC Products Authentication Bypass Vulnerabilities Network Vulnerability

Summary

Multiple Siemens SIMATIC products are affected by vulnerabilities that allow attackers to bypass authentication. An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks. The following products are affected: SIMATIC WinCC Flexible 2004 through 2008 SP2 SIMATIC WinCC V11, V11 SP1, and V11 SP2 SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels

References

http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/Pages/Default.aspx
http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/user-interface/pages/default.aspx
http://www.securityfocus.com/bid/51177
http://www.us-cert.gov/control_systems/pdf/ICSA-11-356-01.pdf
http://xs-sniper.com/blog/2011/12/20/the-siemens-simatic-remote-authentication-bypass-that-doesnt-exist/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4508, CVE-2011-4509

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

b2ePMS Multiple SQL Injection Vulnerabilities
ASUS RT56U Router Multiple Vulnerabilities
Assesi 'bg' Parameter SQL Injection vulnerability
Acidcat CMS Multiple Vulnerabilities
AjaxPortal 'di.php' File Inclusion Vulnerability

Take action and discover your vulnerabilities