ICSA-12-030-01A  ·  Published 2025-06-09  ·  View on CISA ICS-CERT ↗

Siemens SIMATIC WinCC Vulnerabilities

CVSS 10.0 CRITICAL

Remediations

Each of the reported vulnerabilities has been addressed by Siemens, as follows:

  • Insecure authentication token generation, cross-site scripting, header injection vulnerability, HMI web server directory traversal, and arbitrary memory read access vulnerabilities - Patches are included in Siemens’ WinCC V11 (TIA Portal) SP2 Update 1 (http://support.automation.siemens.com/WW/view/en/58112582, http://support.automation.siemens.com/WW/view/en/58112587) and WinCC flexible 2008 SP3 (http://support.automation.siemens.com/WW/view/en/57267466).
  • Weak default passwords - Product documentation contained in WinCC V11 (TIA Portal) SP2 Update 1, and WinCC flexible 2008 SP3 has been updated to tell the user how to set a proper password during initial setup.
  • Client-side attack via specially crafted files, runtime loader string stack overflow, runtime loader directory traversal, runtime loader DoS - Siemens recommends that users deactivate the transfer mode after device configuration, because the transport mode provides full access to the device. The transport mode was implemented under the assumption that the software would be running in a protected industrial environment. Siemens strongly recommends that users protect systems according to recommended security practices (Siemens Operational Guidelines for Industrial Security, v1.1, http://www.industry.siemens.com/topics/global/en/industrial-security/Documents/industrial_security_operational_guidelines_en.pdf; Siemens Industrial Security homepage, http://www.siemens.com/industrialsecurity) and configure the environment according to the operational guidelines.
  • Lack of telnet daemon authentication - Because telnet is a clear text protocol, customers are advised to be aware of corresponding risks. The telnet daemon is disabled by default in product versions WinCC flexible 2008 SP3 and newer, as well as WinCC V11 (TIA Portal) SP2 and newer. Siemens recommends disabling the telnet function on SIMATIC panels when telnet is not actively being used.

Affected Vendors

Siemens

Affected Products (5)

Siemens · WinCC flexible 2004|2005|2007|2008
Siemens · WinCC V11 (TIA portal) vers:all/*
Siemens · Multiple SIMATIC HMI panels (TP, OP, MP, Comfort Panels, Mobile Panels) vers:all/*
Siemens · WinCC V11 Runtime Advanced vers:all/*
Siemens · WinCC flexible Runtime vers:all/*
