First published: Fri Feb 03 2012(Updated: )
Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.
Credit: cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens WinCC flexible | =2004 | |
Siemens WinCC flexible | =2008 | |
Siemens WinCC flexible | =2007 | |
Siemens WinCC flexible | =2005 | |
Siemens WinCC | =v11 | |
Siemens Simatic Hmi Panels | =tp | |
Siemens Simatic Hmi Panels | =op | |
Siemens Simatic Hmi Panels | =mobile_panels | |
Siemens Simatic Hmi Panels | =comfort_panels | |
Siemens Simatic Hmi Panels | =mp | |
Siemens Wincc Runtime Advanced | =v11 | |
Siemens Wincc Flexible Runtime |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.