← back
CVE-2011-4878

CVE-2011-4878

EPSS 12.1%
Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/18166unverifiedexploitdbwww.exploit-db.com/exploits/18166unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://aluigi.org/adv/winccflex_1-adv.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/71452http://www.exploit-db.com/exploits/18166http://www.osvdb.org/77383http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345442.pdfhttp://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdfhttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdfhttp://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf