Signature Detail
Short Name |
SCADA:SIEMENS-SIMATIC-HMILOAD |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
SCADA |
Keywords |
Siemens Simatic WinCC HmiLoad.exe Overflow |
Release Date |
2012/11/05 |
Update Number |
2200 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Siemens Simatic WinCC HmiLoad.exe Overflow
This signature detects attempts to exploit a known vulnerability in the Siemens Simatic WinCC HmiLoad.exe. A successful attack can result in arbitrary code execution or a denial-of-service condition.
Extended Description
Siemens SIMATIC WinCC Flexible is prone to multiple security vulnerabilities that affect the 'HmiLoad.exe' program. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, read/write or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible.
Affected Products
- Siemens SIMATIC WinCC Flexible 2004
- Siemens SIMATIC WinCC Flexible 2005
- Siemens SIMATIC WinCC Flexible 2005 SP1
- Siemens SIMATIC WinCC Flexible 2007
- Siemens SIMATIC WinCC Flexible 2008
- Siemens SIMATIC WinCC Flexible 2008 SP1
- Siemens SIMATIC WinCC Flexible 2008 SP2
- Siemens SIMATIC WinCC flexible Runtime
References
- BugTraq: 50828
- CVE: CVE-2011-4877
- CVE: CVE-2011-4875