Home -> Resources -> SCADA/ICS Vulnerability Reference -> Siemens WinCC

Siemens WinCC Flexible Runtime Heap Overflow

September 6, 2011

Siemens SIMATIC WinCC Flexible is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

The following products are affected:

  • Siemens SIMATIC WinCC flexible Runtime
  • Siemens SIMATIC WinCC (TIA Portal) Runtime Advanced

ICS-CERT Advisories / Alerts

ICSA-11-244-01

Vendor Website (include Patches / Hotfixes)

Not available at this time.

Exploit Proof-of-Concept

No public exploit is available at this time.

Common Vulnerability & Exposure (CVE) References

CVE-2011-1914

Additional Information

Security Focus Vulnerability Info and Exploit Bugtraq ID 49479

Holes Found in Siemens WinCC (ISSSource)