CVE-2011-3321

Name of the Vulnerable Software and Affected Versions Siemens WinCC Runtime Advanced Loader (affected versions not specified) SIMATIC WinCC flexible Runtime (affected versions not specified) SIMATIC WinCC (TIA Portal) Runtime Advanced (affected versions not specified)

Description The issue is related to a heap-based buffer overflow that can be triggered by sending a crafted packet to TCP port 2308. This can lead to memory corruption, causing a denial of service, or potentially allow the execution of arbitrary code.

Recommendations For Siemens WinCC Runtime Advanced Loader, restrict access to TCP port 2308 until a fix is available. For SIMATIC WinCC flexible Runtime, consider implementing network segmentation to limit the exposure of the vulnerable service. For SIMATIC WinCC (TIA Portal) Runtime Advanced, as a temporary workaround, consider disabling the service that listens on TCP port 2308 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.