CVE-2011-4876

Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.

Published: Feb 3, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4876
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
siemens / wincc_flexible	2004	2004.x
siemens / wincc_flexible	2008	2008.x
siemens / wincc_flexible	2007	2007.x
siemens / wincc_flexible	2005	2005.x
siemens / wincc	11	11.x
siemens / simatic_hmi_panels	tp	tp.x
siemens / simatic_hmi_panels	op	op.x
siemens / simatic_hmi_panels	mobile_panels	mobile_panels.x
siemens / simatic_hmi_panels	comfort_panels	comfort_panels.x
siemens / simatic_hmi_panels	mp	mp.x
siemens / wincc_runtime_advanced	11	11.x
siemens / wincc_flexible_runtime	-	-

Vulnerability Database

289,697

CVE-2011-4876