Sign-up

ID

VAR-E-201111-0362


TITLE

MiniWeb Denial Of Service and Directory Traversal Vulnerabilities

Trust: 0.3

sources: BID: 50827

DESCRIPTION

MiniWeb is prone to a denial-of-service vulnerability and a directory-traversal vulnerability.
Exploiting these issues may allow remote attackers to crash the server or download arbitrary files within the context of the affected server.

Trust: 0.3

sources: BID: 50827

AFFECTED PRODUCTS

vendor:stanleymodel:huang miniwebscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible runtimescope:eqversion:0

Trust: 0.3

vendor:siemensmodel:simatic wincc flexible sp2scope:eqversion:2008

Trust: 0.3

sources: BID: 50827

EXPLOIT

Exploits are available. Please see the references for more information.
The following exploit code is available for the denial-of-service vulnerability:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/50827.py">/data/vulnerabilities/exploits/50827.py</a></li>

Trust: 0.3

sources: BID: 50827

PRICE

Free

Trust: 0.3

sources: BID: 50827

TYPE

Unknown

Trust: 0.3

sources: BID: 50827

CREDITS

Luigi Auriemma

Trust: 0.3

sources: BID: 50827

EXTERNAL IDS

db:BIDid:50827

Trust: 0.3

sources: BID: 50827

REFERENCES

url:http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/pages/default.aspx

Trust: 0.3

url:http://aluigi.altervista.org/adv/winccflex_1-adv.txt

Trust: 0.3

url:http://sourceforge.net/projects/miniweb

Trust: 0.3

sources: BID: 50827

SOURCES

db:BIDid:50827

LAST UPDATE DATE

2022-07-27T09:40:41.561000+00:00


SOURCES UPDATE DATE

db:BIDid:50827date:2012-05-31T22:20:00

SOURCES RELEASE DATE

db:BIDid:50827date:2011-11-28T00:00:00