CVE-2011-4510
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD
Description
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.
Affected (16)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2004 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version comfort_panels |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version v11 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| All versions |
References (4)
Source: cret@cert.org
Vendor Advisory
Source: cret@cert.org
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Timeline
No history available yet.