Siemens SIMATIC WinCC TIA Portal Multiple Security Vulnerabilities

Siemens SIMATIC WinCC TIA Portal is prone to multiple security vulnerabilities, including:

1. A security-bypass vulnerability
2. A denial-of-service vulnerability
3. An HTML-injection vulnerability
4. An information-disclosure vulnerability
5. An HTTP-header-injection vulnerability
6. An information-disclosure vulnerability
7. A cross-site scripting vulnerability

Attackers can exploit these issues to bypass certain security restrictions, obtain sensitive information and gain unauthorized access, allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, insert arbitrary headers into an HTTP response, or perform a denial-of-service attack. Other attacks may be possible.


Privacy Statement
Copyright 2010, SecurityFocus