ID de Prueba:	1.3.6.1.4.1.25623.1.0.103572
Categoría:	Web application abuses
Título:	Siemens SIMATIC WinCC HMI Web Server Multiple Input Validation Vulnerabilities - Active Check
Resumen:	Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a; directory-traversal issue, and an arbitrary memory-read access issue because the application fails to; properly sanitize user-supplied input.
Descripción:	Summary: Siemens SIMATIC WinCC is prone to an HTTP-header-injection issue, a directory-traversal issue, and an arbitrary memory-read access issue because the application fails to properly sanitize user-supplied input. Vulnerability Impact: A remote attacker can exploit these issues to gain elevated privileges, obtain sensitive information, or cause denial-of-service conditions. Solution: Updates are available. Please see the references for more information. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4512 http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf Common Vulnerability Exposure (CVE) ID: CVE-2011-4878 http://www.exploit-db.com/exploits/18166 http://aluigi.org/adv/winccflex_1-adv.txt http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-332-02A.pdf http://www.osvdb.org/77383 XForce ISS Database: simatic-miniweb-directory-traversal(71452) https://exchange.xforce.ibmcloud.com/vulnerabilities/71452 Common Vulnerability Exposure (CVE) ID: CVE-2011-4879 http://www.osvdb.org/77384 XForce ISS Database: simatic-miniweb-dos(71453) https://exchange.xforce.ibmcloud.com/vulnerabilities/71453
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.