Vulnerability CVE-2018-13813


Published: 2018-12-13

Description:
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Type:

CWE-601

(URL Redirection to Untrusted Site ('Open Redirect'))

Vendor: Siemens
Product: Simatic hmi ktp mobile panels ktp700 firmware 
Version: 15.0;
Product: Simatic wincc (tia portal) 
Version: 15.0;
Product: Simatic hmi ktp mobile panels ktp900 firmware 
Version: 15.0;
Product: Simatic hmi comfort outdoor panels firmware 
Version: 15.0;
Product: Simatic hmi ktp mobile panels ktp400f firmware 
Version: 15.0;
Product: Simatic hmi ktp mobile panels ktp700f firmware 
Version: 15.0;
Product: Simatic wincc runtime 
Version: 15.0;
Product: Simatic hmi ktp mobile panels ktp900f firmware 
Version: 15.0;
Product: Simatic hmi comfort panels firmware 
Version: 15.0;
Product: Simatic hmi mp firmware 
Product: Simatic hmi tp firmware 
Product: Simatic hmi op firmware 

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.8/10
4.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

 References:
http://www.securityfocus.com/bid/105922
https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf

Related CVE
CVE-2019-6579
A vulnerability has been identified in Spectrum Power? 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability co...
CVE-2019-6575
A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All versions),...
CVE-2019-6568
A vulnerability has been identified in CP1604 (All versions), CP1616 (All versions), SIAMTIC RF185C (All versions), SIMATIC CP343-1 Advanced (All versions), SIMATIC CP443-1 (All versions), SIMATIC CP443-1 Advanced (All versions), SIMATIC CP443-1 OPC ...
CVE-2019-10953
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
CVE-2018-16561
A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until m...
CVE-2018-16559
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacke...
CVE-2018-16558
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacke...
CVE-2018-13810
A vulnerability has been identified in CP 1604 (All versions < V2.8), CP 1616 (All versions < V2.8). The integrated configuration web server of the affected CP devices could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is ...

Copyright 2019, cxsecurity.com

 

Back to Top