CVE-2011-4508

Name of the Vulnerable Software and Affected Versions Siemens WinCC flexible versions 2004 through 2008 before SP3 Siemens WinCC V11 (aka TIA portal) versions prior to SP2 Update 1 Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels (affected versions not specified) Siemens WinCC V11 Runtime Advanced (affected versions not specified) Siemens WinCC flexible Runtime (affected versions not specified)

Description The issue allows remote attackers to bypass authentication via a crafted cookie, due to the generation of predictable authentication tokens for cookies by the HMI web server.

Recommendations For Siemens WinCC flexible versions 2004 through 2008, update to at least SP3 to resolve the issue. For Siemens WinCC V11 (aka TIA portal), update to at least SP2 Update 1 to resolve the issue. For Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, WinCC V11 Runtime Advanced, and WinCC flexible Runtime, at the moment, there is no information about a newer version that contains a fix for this vulnerability.