Test ID:	1.3.6.1.4.1.25623.1.0.103572
Category:	Web application abuses
Title:	Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities - Active Check
Summary:	Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a; directory-traversal issue, and an arbitrary memory-read access issue because the application fails to; properly sanitize user-supplied input.
Description:	Summary: Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. Vulnerability Impact: A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. Solution: Updates are available. Please see the references for more information. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4512 http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf Common Vulnerability Exposure (CVE) ID: CVE-2011-4878 http://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.osvdb.org/77383 XForce ISS Database: simatic-miniweb-directory-traversal(71452) https://exchange.xforce.ibmcloud.com/vulnerabilities/71452 Common Vulnerability Exposure (CVE) ID: CVE-2011-4879 http://www.osvdb.org/77384 XForce ISS Database: simatic-miniweb-dos(71453) https://exchange.xforce.ibmcloud.com/vulnerabilities/71453
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.