CVE-2011-4514

Name of the Vulnerable Software and Affected Versions Siemens WinCC flexible versions 2004 through 2008 Siemens WinCC V11 (aka TIA portal) Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels Siemens WinCC V11 Runtime Advanced Siemens WinCC flexible Runtime

Description The issue concerns the lack of authentication in the TELNET daemon, making it easier for remote attackers to gain access via a TCP session.

Recommendations For Siemens WinCC flexible versions 2004 through 2008, consider disabling the TELNET daemon until a patch is available. For Siemens WinCC V11 (aka TIA portal), restrict access to the TELNET daemon to minimize the risk of exploitation. For Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, avoid using the TELNET daemon in unsecured environments. For Siemens WinCC V11 Runtime Advanced and Siemens WinCC flexible Runtime, limit network exposure to reduce the risk of unauthorized access.