First published: Fri Feb 03 2012(Updated: )
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens SIMATIC WinCC flexible 2008 | =2004 | |
Siemens SIMATIC WinCC flexible 2008 | =2008 | |
Siemens SIMATIC WinCC flexible 2008 | =2007 | |
Siemens SIMATIC WinCC flexible 2008 | =2005 | |
Siemens WinCC | =v11 | |
Siemens SIMATIC HMI Panels | =tp | |
Siemens SIMATIC HMI Panels | =op | |
Siemens SIMATIC HMI Panels | =mobile_panels | |
Siemens SIMATIC HMI Panels | =comfort_panels | |
Siemens SIMATIC HMI Panels | =mp | |
Siemens SIMATIC WinCC Runtime Advanced | =v11 | |
Siemens SIMATIC WinCC flexible Runtime |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2011-4509 has been classified as a critical vulnerability due to the presence of an improperly selected default password for the administrator account.
To mitigate CVE-2011-4509, change the default administrator password immediately on affected Siemens WinCC products.
CVE-2011-4509 affects Siemens WinCC flexible 2004, 2005, 2007, 2008, WinCC V11, and various SIMATIC HMI panels.
Exploitation of CVE-2011-4509 could allow attackers to gain unauthorized access to critical control systems.
Siemens recommends reviewing their security advisories for guidance on remediation measures concerning CVE-2011-4509.