PT-2012-1898 · Siemens · Wincc V11 Runtime Advanced+9
Published
2012-02-03
·
Updated
2012-02-06
·
CVE-2011-4514
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Siemens WinCC flexible versions 2004 through 2008
Siemens WinCC V11 (aka TIA portal)
Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels
Siemens WinCC V11 Runtime Advanced
Siemens WinCC flexible Runtime
Description
The issue concerns the lack of authentication in the TELNET daemon, making it easier for remote attackers to gain access via a TCP session.
Recommendations
For Siemens WinCC flexible versions 2004 through 2008, consider disabling the TELNET daemon until a patch is available.
For Siemens WinCC V11 (aka TIA portal), restrict access to the TELNET daemon to minimize the risk of exploitation.
For Siemens TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels, avoid using the TELNET daemon in unsecured environments.
For Siemens WinCC V11 Runtime Advanced and Siemens WinCC flexible Runtime, limit network exposure to reduce the risk of unauthorized access.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Comfort Panels
Mp
Mobile Panels
Op
Simatic Hmi Panels
Tp
Wincc V11
Wincc V11 Runtime Advanced
Wincc Flexible
Wincc Flexible Runtime