CVE-2011-4878

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.

Published: Feb 3, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-4878
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
siemens / wincc_flexible	2004	2004.x
siemens / wincc_flexible	2008	2008.x
siemens / wincc_flexible	2008-sp1	2008-sp1.x
siemens / wincc_flexible	2008-sp2	2008-sp2.x
siemens / wincc_flexible	2007	2007.x
siemens / wincc_flexible	2005	2005.x
siemens / wincc	11	11.x
siemens / wincc	11-sp1	11-sp1.x
siemens / wincc	-	11.x
siemens / simatic_hmi_panels	tp	tp.x
siemens / simatic_hmi_panels	op	op.x
siemens / simatic_hmi_panels	mobile_panels	mobile_panels.x
siemens / simatic_hmi_panels	comfort_panels	comfort_panels.x
siemens / simatic_hmi_panels	mp	mp.x
siemens / wincc_runtime_advanced	11	11.x
siemens / wincc_flexible_runtime	-	-

Vulnerability Database

289,784

CVE-2011-4878