Siemens WinCC and SIMATIC HMI Panels < 11.0.2.1 Buffer Overflow

high Nessus Network Monitor Plugin ID 720010

Synopsis

Siemens WinCC and SIMATIC HMI panels include a component that is vulnerable to a stack-based buffer overflow.

Description

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.

Solution

Perform vendor-recommended mitigations and apply available vendor upgrades.

See Also

http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf
http://aluigi.org/adv/winccflex_1-adv.txt
https://ics-cert.us-cert.gov/advisories/ICSA-12-030-01A
http://www.exploit-db.com/exploits/18166
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71449
http://www.osvdb.org/77380
http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf

Plugin Details

Severity: High

ID: 720010

Family: SCADA

Published: 5/8/2019

Updated: 9/30/2019

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 4/18/2012

Vulnerability Publication Date: 4/18/2012

Reference Information

CVE: CVE-2011-4875