CVE-2011-4875

Name of the Vulnerable Software and Affected Versions Siemens WinCC flexible versions 2004 through 2008 WinCC V11 (aka TIA portal) TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels WinCC V11 Runtime Advanced WinCC flexible Runtime

Description The issue is related to a stack-based buffer overflow in HmiLoad in the runtime loader. This occurs when Transfer Mode is enabled, allowing remote attackers to execute arbitrary code via vectors related to Unicode strings.

Recommendations For Siemens WinCC flexible versions 2004 through 2008, consider disabling Transfer Mode until a patch is available. For WinCC V11 (aka TIA portal), restrict access to the runtime loader to minimize the risk of exploitation. For TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, avoid using Unicode strings in the Transfer Mode until the issue is resolved. For WinCC V11 Runtime Advanced and WinCC flexible Runtime, consider disabling the HmiLoad function in the runtime loader as a temporary workaround.