Multiple Siemens SIMATIC Products Authentication Bypass Vulnerabilities

Bugtraq ID:	51177
Class:	Design Error
CVE:	CVE-2011-4508 CVE-2011-4509
Remote:	Yes
Local:	No
Published:	Dec 22 2011 12:00AM
Updated:	Apr 18 2012 09:20PM
Credit:	Billy Rios and Terry McCorkle
Vulnerable:	Siemens SIMATIC WinCC flexible Runtime 0 Siemens SIMATIC WinCC Flexible 2008 SP2 Siemens SIMATIC WinCC Flexible 2008 SP1 Siemens SIMATIC WinCC Flexible 2008 Siemens SIMATIC WinCC Flexible 2007 Siemens SIMATIC WinCC Flexible 2005 SP1 Siemens SIMATIC WinCC Flexible 2005 Siemens SIMATIC WinCC Flexible 2004 Siemens SIMATIC WinCC V11 SP2 Siemens SIMATIC WinCC V11 SP1 Siemens SIMATIC WinCC V11 Siemens SIMATIC WinCC 0 Siemens SIMATIC HMI Panels 0
Not Vulnerable:

Multiple Siemens SIMATIC Products Authentication Bypass Vulnerabilities

Multiple Siemens SIMATIC products are affected by vulnerabilities that allow attackers to bypass authentication.

An attacker can exploit these issues to bypass intended security restrictions and gain access to the affected application. Successfully exploiting these issues may lead to further attacks.

The following products are affected:

SIMATIC WinCC Flexible 2004 through 2008 SP2
SIMATIC WinCC V11, V11 SP1, and V11 SP2
SIMATIC HMI TP, OP, MP, Mobile, and Comfort Series Panels

Multiple Siemens SIMATIC Products Authentication Bypass Vulnerabilities

An attacker can use readily available tools to exploit these issues.

Multiple Siemens SIMATIC Products Authentication Bypass Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

Multiple Siemens SIMATIC Products Authentication Bypass Vulnerabilities

References:

• Siemens HMI Softwares Page (Siemens)
  
• SIMATIC WinCC flexible �?? Runtime Software (Siemens)
  
• The Siemens SIMATIC Remote, Authentication Bypass (that doesn�??t exist) (Billy Rios)
  
• http://www.attrition.org/mailman/listinfo/vim (ICS-CERT)
  
• SIEMENS SIMATIC HMI AUTHENTICATION VULNERABILITIES (CERT)