CVE-2011-4878

Siemens WinCC flexible - Directory Traversal via URI

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4878. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This is a detailed technical analysis of multiple vulnerabilities in Siemens SIMATIC WinCC flexible (Runtime), including stack overflows, directory traversal, and arbitrary memory read access. The writeup provides in-depth root cause analysis, affected functions, and memory corruption mechanics.

Description

Directory traversal vulnerability in miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to read arbitrary files via a ..%5c (dot dot backslash) in a URI.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luigi Auriemma · textdoswindows
https://www.exploit-db.com/exploits/18166

This is a detailed technical analysis of multiple vulnerabilities in Siemens SIMATIC WinCC flexible (Runtime), including stack overflows, directory traversal, and arbitrary memory read access. The writeup provides in-depth root cause analysis, affected functions, and memory corruption mechanics.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Siemens SIMATIC WinCC flexible (Runtime) 2008 SP2 + security patch 1
No auth needed
Prerequisites: Network access to the target system · HmiLoad in Transfer mode listening on port 4410
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18166
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71452
Various Sources x_refsource_misc
http://aluigi.org/adv/winccflex_1-adv.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/77383
US Government Resource x_refsource_misc
http://www.us-cert.gov/control_systems/pdf/ICSA-12-030-01.pdf

Scores

EPSS 0.1207
EPSS Percentile 95.6%

Details

CWE
CWE-22
Status published
Products (13)
siemens/simatic_hmi_panels comfort_panels
siemens/simatic_hmi_panels mobile_panels
siemens/simatic_hmi_panels mp
siemens/simatic_hmi_panels op
siemens/simatic_hmi_panels tp
siemens/wincc v11 (2 CPE variants)
siemens/wincc < v11
siemens/wincc_flexible 2004
siemens/wincc_flexible 2005
siemens/wincc_flexible 2007
... and 3 more
Published Feb 03, 2012
Tracked Since Feb 18, 2026