CVE-2011-4511

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510.

Published: Feb 3, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4511
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
siemens / wincc_flexible	2004	2004.x
siemens / wincc_flexible	2008	2008.x
siemens / wincc_flexible	2008-sp1	2008-sp1.x
siemens / wincc_flexible	2008-sp2	2008-sp2.x
siemens / wincc_flexible	2007	2007.x
siemens / wincc_flexible	2005	2005.x
siemens / wincc	11	11.x
siemens / wincc	11-sp1	11-sp1.x
siemens / wincc	-	11.x
siemens / simatic_hmi_panels	tp	tp.x
siemens / simatic_hmi_panels	op	op.x
siemens / simatic_hmi_panels	mobile_panels	mobile_panels.x
siemens / simatic_hmi_panels	comfort_panels	comfort_panels.x
siemens / simatic_hmi_panels	mp	mp.x
siemens / wincc_runtime_advanced	11	11.x
siemens / wincc_flexible_runtime	-	-

Vulnerability Database

289,697

CVE-2011-4511