Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-4876Path Traversal in Siemens Simatic HMI Panels

CWE-22Path Traversal4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
12.1%
top 6.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Siemens Simatic HMI PanelsSiemens WinccSiemens Wincc Flexible+1 more
Timeline
PublishedFeb 3
Latest updateMay 17

Description

Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime, when Transfer Mode is enabled, allows remote attackers to execute, read, create, modify, or delete arbitrary files via a .. (dot dot) in a string.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

NVDsiemens/wincc_flexible4 versions+3
NVDsiemens/winccv11
NVDsiemens/simatic_hmi_panels5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-3ppq-p8g9-x6rg: Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); t2022-05-17
CVEList
CVE-2011-4876: Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); t2012-02-03

💥Exploits & PoCs

1
Exploit-DB
Siemens SIMATIC WinCC Flexible (Runtime) - Multiple Vulnerabilities2011-11-28
CVE-2011-4876 — Path Traversal in Siemens | cvebase