5
CVE-2011-4512
- EPSS 0.39%
- Published 03.02.2012 20:55:01
- Last modified 11.04.2025 00:51:21
- Source cret@cert.org
- Teams watchlist Login
- Open Login
CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Wincc Flexible Version2004
Siemens ≫ Wincc Flexible Version2005
Siemens ≫ Wincc Flexible Version2007
Siemens ≫ Wincc Flexible Version2008
Siemens ≫ Wincc Flexible Version2008 Updatesp1
Siemens ≫ Wincc Flexible Version2008 Updatesp2
Siemens ≫ Simatic Hmi Panels Versioncomfort_panels
Siemens ≫ Simatic Hmi Panels Versionmobile_panels
Siemens ≫ Simatic Hmi Panels Versionmp
Siemens ≫ Simatic Hmi Panels Versionop
Siemens ≫ Simatic Hmi Panels Versiontp
Siemens ≫ Wincc Runtime Advanced Versionv11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.567 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.