CVE-2011-4509

Name of the Vulnerable Software and Affected Versions Siemens WinCC flexible versions 2004 through 2008 Siemens WinCC V11 (aka TIA portal) Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels Siemens WinCC V11 Runtime Advanced Siemens WinCC flexible Runtime

Description The issue is related to an improperly selected default password for the administrator account in the HMI web server. This makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.

Recommendations For Siemens WinCC flexible versions 2004 through 2008, change the default administrator password to a strong and unique password. For Siemens WinCC V11 (aka TIA portal), update the configuration to use a secure password for the administrator account. For Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, restrict access to the administrator account until a secure password is set. For Siemens WinCC V11 Runtime Advanced and WinCC flexible Runtime, consider disabling the default administrator account or setting a strong password to prevent unauthorized access.