×
Siemens Industry Online Support
Siemens AG
Entry type: Download Entry ID: 50248864, Entry date: 05/20/2011
(0)
Rate

Security Patch für WinCC flexible & RF Manager

  • Entry
  • Associated product(s)

DESCRIPTION:
On 17 May 2011 the CERT informed us of a possible vulnerability in an external component which is used by the SIMATIC WinCC flexible Engineering System and SIMATIC RF Manager. We have no information about the existence of a current threat to our product by malware that exploits this vulnerability. Our specialists have carried out a complete investigation. The vulnerability can allow remote code execution if a user calls a specially designed HTML Page in MS InternetExplorer. The following products are affected:

  • WinCC flexible 2005
  • WinCC flexible 2005 SP1
  • WinCC flexible 2007
  • WinCC flexible 2008
  • WinCC flexible 2008 SP1
  • WinCC flexible 2008 SP2
     
  • RF Manager 2007
  • RF Manager 2008
  • RF Manager 2008 SP1
  • RF Manager 2008 SP2
  • RF Manager 2008 SP3

There is a free update available for download that removes the possible vulnerability in the external component.

  1. Information on the SecurityPatch
        Siemens_Security_Advisory_SSA-191374.pdf ( 23 KB )
        Liesmich ( 164 KB )
         Readme ( 161 KB )
    If you have problems in the use of the SecurityPatch, please take contact with the Customer Support.
     
  2. SecurityPatch Download

        WinCC flexible Security Patch 1:  ZIP ( 24 KB ) ; EXE ( 24 KB )
        RF Manager Security Patch 1:  ZIP ( 24 KB ) ; EXE ( 24 KB )