Vulnerability CVE-2018-13813


Published: 2018-12-13

Description:
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Type:

CWE-601 (URL Redirection to Untrusted Site ('Open Redirect'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score:         5.8/10
Impact Subscore:         4.9/10
Exploitability Subscore: 8.6/10

Exploit range:           Remote
Attack complexity:       Medium
Authentication:          Not required

Confidentiality impact:  Partial
Integrity impact:        Partial
Availability impact:     None
Affected software:
Siemens -> SIMATIC WinCC (TIA Portal)
Siemens -> SIMATIC WinCC Runtime
Siemens -> SIMATIC HMI Comfort Outdoor Panels firmware
Siemens -> SIMATIC HMI Comfort Panels firmware
Siemens -> SIMATIC HMI KTP Mobile Panels KTP400F firmware
Siemens -> SIMATIC HMI KTP Mobile Panels KTP700 firmware
Siemens -> SIMATIC HMI KTP Mobile Panels KTP700F firmware
Siemens -> SIMATIC HMI KTP Mobile Panels KTP900 firmware
Siemens -> SIMATIC HMI KTP Mobile Panels KTP900F firmware
Siemens -> SIMATIC HMI MP firmware
Siemens -> SIMATIC HMI OP firmware
Siemens -> SIMATIC HMI TP firmware

References:
http://www.securityfocus.com/bid/105922
https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf

Copyright 2020, cxsecurity.com