Siemens SIMATIC WinCC TIA Portal Multiple Security Vulnerabilities
BID:58567
Info
| Bugtraq ID: | 58567 |
| Class: | Unknown |
| CVE: | CVE-2011-4515 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2013 12:00AM |
| Updated: | Mar 15 2013 12:00AM |
| Credit: | Gleb Gritsai, Sergey Bobrov, Roman Ilin, Artem Chaykin, Timur Yunusov, and Ilya Karpov from Positive Technologies. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Siemens SIMATIC WinCC TIA Portal is prone to multiple security vulnerabilities, including:
1. A security-bypass vulnerability
2. A denial-of-service vulnerability
3. An HTML-injection vulnerability
4. An information-disclosure vulnerability
5. An HTTP-header-injection vulnerability
6. An information-disclosure vulnerability
7. A cross-site scripting vulnerability
Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information, gain unauthorized access, run attacker-supplied HTML and script code in the context of the affected browser (potentially stealing cookie-based authentication credentials), insert arbitrary headers into an HTTP response, or perform a denial-of-service attack. Other attacks may be possible.
Exploit / POC
Attackers can exploit these issues through a browser. To exploit the cross-site scripting and HTML-injection issues, an attacker must entice an unsuspecting user into following a malicious URI.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Siemens Homepage (Siemens)
- SIMATIC WinCC Homepage (Siemens)