Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4512


Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4512
Last Modified 06 Feb 2012 12:00:00
Published 03 Feb 2012 03:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



CRLF injection vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Vulnerable Systems


  • Siemens Simatic Hmi Panels Comfort Panels

  • Siemens Simatic Hmi Panels Mobile Panels

  • Siemens Simatic Hmi Panels Mp

  • Siemens Simatic Hmi Panels Op

  • Siemens Simatic Hmi Panels Tp

  • Siemens Wincc Flexible 2004

  • Siemens Wincc Flexible 2005

  • Siemens Wincc Flexible 2007

  • Siemens Wincc Flexible 2008

  • Siemens Wincc Flexible Runtime

  • Siemens Wincc Runtime Advanced V11

  • Siemens Wincc V11




Last Updated: 27 May 2016 10:56:27