Release date:
Updated on:
Affected Systems:
Siemens SIMATIC WinCC Flexible
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55492
CVE ID: CVE-2012-3030, CVE-2012-3031, CVE-2012-3032, CVE-2012-3034
WinCC flexible is a human-machine interface used in some machine or process applications.
Siemens SIMATIC WinCC 7.0 SP3 and earlier versions have multiple security vulnerabilities. Malicious users can exploit these vulnerabilities to conduct cross-site scripting (XSS) and SQL injection attacks and to disclose sensitive information.
1) Some inputs sent to the WebNavigator component are not filtered correctly before being returned to the user. Attackers can execute arbitrary HTML and script code in a user's browser in the context of the affected site.
2) Some inputs sent to the WebNavigator component are not correctly verified before being used to read files. This can be exploited through directory traversal to disclose information.
3) Some inputs sent to the WebNavigator component through SOAP messages are not correctly verified before being used in SQL queries. An attacker can run SQL queries by injecting SQL code.
4) An error exists in the ActiveX control, which can be exploited to leak the authenticated user name and password.
<* Source: Denis Baranov, Sergey Bobrov
Link: http://secunia.com/advisories/50568/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Siemens
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.automation.siemens.com/mcms/automation/en/