CVE-2018-13813
First published: Thu Dec 13 2018(Updated: )
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Simatic Hmi Comfort Panels Firmware | <=15.0 | |
| Siemens Simatic Hmi Comfort Panels | ||
| Siemens Simatic Hmi Comfort Outdoor Panels Firmware | <=15.0 | |
| Siemens Simatic Hmi Comfort Outdoor Panels | ||
| Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware | <=15.0 | |
| Siemens Simatic Hmi Ktp Mobile Panels Ktp400f | ||
| Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware | <=15.0 | |
| Siemens Simatic Hmi Ktp Mobile Panels Ktp700 | ||
| Siemens Simatic Hmi Ktp Mobile Panels Ktp700f Firmware | <=15.0 | |
| Siemens Simatic Hmi Ktp Mobile Panels Ktp700f | ||
| Siemens Simatic Hmi Ktp Mobile Panels Ktp900 Firmware | <=15.0 | |
| Siemens Simatic Hmi Ktp Mobile Panels Ktp900 | ||
| Siemens Simatic Hmi Ktp Mobile Panels Ktp900f Firmware | <=15.0 | |
| Siemens Simatic Hmi Ktp Mobile Panels Ktp900f | ||
| Siemens Simatic Wincc \(tia Portal\) | <=15.0 | |
| Siemens Simatic Wincc Runtime | <=15.0 | |
| Siemens Simatic Wincc Runtime | <=15.0 | |
| Siemens Simatic Hmi Tp Firmware | ||
| Siemens Simatic Hmi Tp | ||
| Siemens Simatic Hmi Mp Firmware | ||
| Siemens Simatic Hmi Mp | ||
| Siemens Simatic Hmi Op Firmware | ||
| Siemens Simatic Hmi Op |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-13813?
The severity of CVE-2018-13813 is high with a severity score of 8.1.
What is affected by CVE-2018-13813?
SIMATIC HMI Comfort Panels 4 - 22, SIMATIC HMI Comfort Outdoor Panels 7 & 15, SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, and SIMATIC WinCC.
How can I fix CVE-2018-13813?
Apply V15 Update 4 to SIMATIC HMI Comfort Panels, SIMATIC HMI Comfort Outdoor Panels, SIMATIC HMI KTP Mobile Panels, and SIMATIC WinCC.
Where can I find more information about CVE-2018-13813?
You can find more information about CVE-2018-13813 on the SecurityFocus website and the Siemens ProductCERT PDF document.
What is the CWE ID of CVE-2018-13813?
The CWE ID of CVE-2018-13813 is 601.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/siemens
- canonical/siemens simatic hmi comfort panels firmware
- version/siemens simatic hmi comfort panels firmware/15.0
- canonical/siemens simatic hmi comfort panels
- canonical/siemens simatic hmi comfort outdoor panels firmware
- version/siemens simatic hmi comfort outdoor panels firmware/15.0
- canonical/siemens simatic hmi comfort outdoor panels
- canonical/siemens simatic hmi ktp mobile panels ktp400f firmware
- version/siemens simatic hmi ktp mobile panels ktp400f firmware/15.0
- canonical/siemens simatic hmi ktp mobile panels ktp400f
- canonical/siemens simatic hmi ktp mobile panels ktp700 firmware
- version/siemens simatic hmi ktp mobile panels ktp700 firmware/15.0
- canonical/siemens simatic hmi ktp mobile panels ktp700
- canonical/siemens simatic hmi ktp mobile panels ktp700f firmware
- version/siemens simatic hmi ktp mobile panels ktp700f firmware/15.0
- canonical/siemens simatic hmi ktp mobile panels ktp700f
- canonical/siemens simatic hmi ktp mobile panels ktp900 firmware
- version/siemens simatic hmi ktp mobile panels ktp900 firmware/15.0
- canonical/siemens simatic hmi ktp mobile panels ktp900
- canonical/siemens simatic hmi ktp mobile panels ktp900f firmware
- version/siemens simatic hmi ktp mobile panels ktp900f firmware/15.0
- canonical/siemens simatic hmi ktp mobile panels ktp900f
- canonical/siemens simatic wincc \(tia portal\)
- version/siemens simatic wincc \(tia portal\)/15.0
- canonical/siemens simatic wincc runtime
- version/siemens simatic wincc runtime/15.0
- canonical/siemens simatic hmi tp firmware
- canonical/siemens simatic hmi tp
- canonical/siemens simatic hmi mp firmware
- canonical/siemens simatic hmi mp
- canonical/siemens simatic hmi op firmware
- canonical/siemens simatic hmi op