Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4875Improper Restriction of Operations within the Bounds of a Memory Buffer in Siemens Simatic HMI Panels

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
34.6%
top 2.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Siemens Simatic HMI PanelsSiemens WinccSiemens Wincc Flexible+1 more
Timeline
PublishedFeb 3
Latest updateMay 17

Description

Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute arbitrary code via vectors related to Unicode strings.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDsiemens/wincc_flexible4 versions+3
NVDsiemens/winccv11
NVDsiemens/simatic_hmi_panels5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-v2qv-37fh-hjmr: Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP,2022-05-17
CVEList
CVE-2011-4875: Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP,2012-02-03

💥Exploits & PoCs

1
Exploit-DB
Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities2011-11-28
CVE-2011-4875 — Siemens vulnerability | cvebase