First published: Thu Dec 13 2018
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic Hmi Comfort Panels Firmware | <=15.0 | |
Siemens Simatic Hmi Comfort Panels | | |
Siemens Simatic Hmi Comfort Outdoor Panels Firmware | <=15.0 | |
Siemens Simatic Hmi Comfort Outdoor Panels | | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware | <=15.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f | | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware | <=15.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 | | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f Firmware | <=15.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f | | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp900 Firmware | <=15.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp900 | | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f Firmware | <=15.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f | | |
Siemens Simatic Wincc (tia Portal) | <=15.0 | |
Siemens Simatic Wincc Runtime | <=15.0 | |
Siemens Simatic Wincc Runtime | <=15.0 | |
Siemens Simatic Hmi Tp Firmware | | |
Siemens Simatic Hmi Tp | | |
Siemens Simatic Hmi Mp Firmware | | |
Siemens Simatic Hmi Mp | | |
Siemens Simatic Hmi Op Firmware | | |
Siemens Simatic Hmi Op | | |
The severity of CVE-2018-13813 is high with a severity score of 8.1.
Affected products include SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, and SIMATIC WinCC.
Apply V15 Update 4 to SIMATIC HMI Comfort Panels, SIMATIC HMI Comfort Outdoor Panels, SIMATIC HMI KTP Mobile Panels, and SIMATIC WinCC.
You can find more information about CVE-2018-13813 on the SecurityFocus website and the Siemens ProductCERT PDF document.
The CWE ID of CVE-2018-13813 is 601.