VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Feb 3, 2012· Updated Apr 29, 2026

CVE-2011-4878

CVE-2011-4878

Description

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.

Affected products

16
  • Siemens Foundation/Simatic Hmi Panels5 versions
    cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:siemens:simatic_hmi_panels:comfort_panels:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:simatic_hmi_panels:mobile_panels:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:simatic_hmi_panels:mp:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:simatic_hmi_panels:op:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:simatic_hmi_panels:tp:*:*:*:*:*:*:*
  • Siemens Foundation/Wincc Flexible6 versions
    cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:siemens:wincc_flexible:2004:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:wincc_flexible:2005:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:wincc_flexible:2007:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:wincc_flexible:2008:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:wincc_flexible:2008:sp1:*:*:*:*:*:*
    • cpe:2.3:a:siemens:wincc_flexible:2008:sp2:*:*:*:*:*:*
  • Siemens Foundation/Wincc Flexible Runtime
    cpe:2.3:a:siemens:wincc_flexible_runtime:*:*:*:*:*:*:*:*
  • Siemens Foundation/Wincc Runtime Advanced
    cpe:2.3:a:siemens:wincc_runtime_advanced:v11:*:*:*:*:*:*:*
  • Siemens Foundation/Wincc3 versions
    cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:siemens:wincc:*:sp2:*:*:*:*:*:*range: <=v11
    • cpe:2.3:a:siemens:wincc:v11:*:*:*:*:*:*:*
    • cpe:2.3:a:siemens:wincc:v11:sp1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.