What is the severity of CVE-2011-4514?

CVE-2011-4514 is considered to have a high severity as it allows remote attackers to gain access without authentication.

How do I fix CVE-2011-4514?

To mitigate CVE-2011-4514, apply the security patches provided by Siemens for the affected software versions.

What systems are affected by CVE-2011-4514?

CVE-2011-4514 affects Siemens WinCC flexible versions 2004 to 2008, WinCC V11, and various SIMATIC HMI panels.

What type of attack can be carried out due to CVE-2011-4514?

CVE-2011-4514 allows remote code execution due to the lack of authentication in the TELNET daemon.

Is there a workaround for CVE-2011-4514?

A potential workaround for CVE-2011-4514 is to disable the TELNET service if it is not required for operations.

Vulnerability/
CVE-2011-4514

critical

CWE

287

3/2/2012

17/9/2024

CVE-2011-4514

First published: Fri Feb 03 2012(Updated: )

The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime does not perform authentication, which makes it easier for remote attackers to obtain access via a TCP session.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Siemens SIMATIC WinCC flexible 2008	=2004
Siemens SIMATIC WinCC flexible 2008	=2008
Siemens SIMATIC WinCC flexible 2008	=2007
Siemens SIMATIC WinCC flexible 2008	=2005
Siemens Simatic WinCC	=v11
Siemens SIMATIC HMI Panels	=tp
Siemens SIMATIC HMI Panels	=op
Siemens SIMATIC HMI Panels	=mobile_panels
Siemens SIMATIC HMI Panels	=comfort_panels
Siemens SIMATIC HMI Panels	=mp
Siemens SIMATIC WinCC Runtime Advanced	=v11
Siemens SIMATIC WinCC flexible Runtime

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-4514?
CVE-2011-4514 is considered to have a high severity as it allows remote attackers to gain access without authentication.
How do I fix CVE-2011-4514?
To mitigate CVE-2011-4514, apply the security patches provided by Siemens for the affected software versions.
What systems are affected by CVE-2011-4514?
CVE-2011-4514 affects Siemens WinCC flexible versions 2004 to 2008, WinCC V11, and various SIMATIC HMI panels.
What type of attack can be carried out due to CVE-2011-4514?
CVE-2011-4514 allows remote code execution due to the lack of authentication in the TELNET daemon.
Is there a workaround for CVE-2011-4514?
A potential workaround for CVE-2011-4514 is to disable the TELNET service if it is not required for operations.

agent/type
agent/references
agent/author
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/tags
agent/softwarecombine
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/siemens
canonical/siemens simatic wincc flexible 2008
version/siemens simatic wincc flexible 2008/2004
version/siemens simatic wincc flexible 2008/2008
version/siemens simatic wincc flexible 2008/2007
version/siemens simatic wincc flexible 2008/2005
canonical/siemens simatic wincc
version/siemens simatic wincc/v11
canonical/siemens simatic hmi panels
version/siemens simatic hmi panels/tp
version/siemens simatic hmi panels/op
version/siemens simatic hmi panels/mobile_panels
version/siemens simatic hmi panels/comfort_panels
version/siemens simatic hmi panels/mp
canonical/siemens simatic wincc runtime advanced
version/siemens simatic wincc runtime advanced/v11
canonical/siemens simatic wincc flexible runtime