NVD

Id
11208  
Name
CVE-2011-4878  
Description
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.  
Reject
 
CVSS Version
2  
CVSS Score
7.8  
Severity
High  
CVSS Base Score
7.8  
CVSS Impact Subscore
6.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:N/A:N)  
Pub Date
2017-01-07  
Published
2012-02-03  
Modified Date
2012-09-04  
Seq
2011-4878  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
62043 11208 CVE-2011-4878 http://aluigi.org/adv/winccflex_1-adv.txt  View
62044 11208 CVE-2011-4878 18166  View
62045 11208 CVE-2011-4878 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdf  View
62046 11208 CVE-2011-4878 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf  View
62047 11208 CVE-2011-4878 http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf  View
62048 11208 CVE-2011-4878 http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf  View
62049 11208 CVE-2011-4878 simatic-miniweb-directory-traversal(71452)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
25613 JVNDB-2012-001320 複数の Siemens 製品の HMI Web サーバにおけるディレクトリトラバーサルの脆弱性 複数の Siemens 製品の HMI Web サーバの miniweb.exe には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2011-4878 52785 CVE-2011-4878 11208 7.8 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001320.html 2012-01-24 2012-02-08 View