Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3321

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2011-3321
Last Modified 29 Apr 2015 01:44:00
Published 16 Sep 2011 08:35:26
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3321

Summary

Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.

Vulnerable Systems

Application

  • Siemens Simatic Wincc Flexible Runtime

  • Siemens Simatic Wincc Runtime

  • Siemens Simatic Wincc Runtime -


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-11-244-01.pdf

XF - simatic-wincc-runtime-bo(69803)

MISC - http://support.automation.siemens.com/WW/view/en/29054992

SECUNIA - 46011

CONFIRM - http://cache.automation.siemens.com/dnl/jI/jI0NDY5AAAA_29054992_FAQ/Siemens_Security_Advisory_SSA-460621_V1_2.pdf


Last Updated: 27 May 2016 11:08:36