Siemens WinCC Flexible Multiple Vulnerabilities

November 29, 2011 (Updated December 2, 2011)

Security researcher Luigi Auriemma has publicly disclosed vulnerabilities that affect the Siemens WinCC Flexible application.

The reported vulnerabilities affect WinCC Flexible Runtime Loader (HmiLoad.exe), a component of Siemens SIMATIC WinCC Flexible 2008. When the Runtime Loader is running in Transfer mode, it might be possible to remotely exploit the vulnerabilities via port 2308/tcp.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application, read, write, or delete arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible.

ICS-CERT Advisories / Alerts

ICS-ALERT-11-332-02A
ICS-ALERT-11-332-02

Related Advisories / Alerts

ICSA-11-244-01

Vendor Website (includes Patches / Hotfixes)

Siemens WinCC Flexible Runtime Product Info

Exploit Proof-of-Concept

Exploit-DB ID 18166 (Part 1)
Exploit-DB ID 18166 (Part 2)

Common Vulnerability & Exposure (CVE) References

Not available at this time.

Additional Information

Disclosure (Luigi Auriemma)
Exploit-DB ID 18166
IBM Internet Security Systems #71449
Secunia Advisory #46997
Secunia Vulnerability Report and Statistics on WinCC Flexible 2008
Secunia Vulnerability Report and Statistics on WinCC Flexible 2007
Secunia Vulnerability Report and Statistics on WinCC Flexible 2005
Security Focus Vulnerability Info and Exploit Bugtraq ID 50828
Security Vulns ID #12073

Siemens Investigating Vulnerabilities (ISSSource)