PT-2012-1894 · Siemens · WinCC V11 Runtime Advanced +8
Published: 2012-02-03 · Updated: 2012-02-06
CVE-2011-4510
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Siemens WinCC flexible versions 2004 through 2008 before SP3
Siemens WinCC V11 (aka TIA portal) versions prior to SP2 Update 1
Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels (affected versions not specified)
Siemens WinCC V11 Runtime Advanced (affected versions not specified)
Siemens WinCC flexible Runtime (affected versions not specified)
Description
A cross-site scripting (XSS) issue exists in the HMI web server, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. This potentially allows attackers to execute malicious code on the client side.
Recommendations
For Siemens WinCC flexible versions 2004 through 2008, update to at least SP3 to resolve the issue.
For Siemens WinCC V11 (aka TIA portal), update to at least SP2 Update 1.
For Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, WinCC V11 Runtime Advanced, and WinCC flexible Runtime, there is currently no information about a newer version that contains a fix for this vulnerability.
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Comfort Panels
MP
Mobile Panels
OP
TP
WinCC V11
WinCC V11 Runtime Advanced
WinCC flexible
WinCC flexible Runtime