CVE-2011-4513

Name of the Vulnerable Software and Affected Versions Siemens WinCC flexible versions 2004 through 2008 WinCC V11 (aka TIA portal) WinCC V11 Runtime Advanced WinCC flexible Runtime TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels (affected versions not specified)

Description The issue allows user-assisted remote attackers to execute arbitrary code via a crafted project file, related to the HMI web server and runtime loader.

Recommendations For Siemens WinCC flexible versions 2004 through 2008, update to a version that addresses the issue. For WinCC V11 (aka TIA portal), apply the recommended fix. For WinCC V11 Runtime Advanced and WinCC flexible Runtime, update to a version that resolves the issue. For TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, contact the vendor for specific guidance on resolving the issue.