CVE-2011-4512

Name of the Vulnerable Software and Affected Versions Siemens WinCC flexible versions 2004 through 2008 before SP3 Siemens WinCC V11 (aka TIA portal) versions prior to SP2 Update 1 Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels (affected versions not specified) Siemens WinCC V11 Runtime Advanced (affected versions not specified) Siemens WinCC flexible Runtime (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks.

Recommendations For Siemens WinCC flexible versions 2004 through 2008, update to at least SP3. For Siemens WinCC V11 (aka TIA portal), update to at least SP2 Update 1. For Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, WinCC V11 Runtime Advanced, and WinCC flexible Runtime, at the moment, there is no information about a newer version that contains a fix for this vulnerability.