First published: Thu Dec 13 2018(Updated: )
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Simatic Hmi Comfort Panels Firmware | <14.0 | |
Siemens Simatic Hmi Comfort Panels | ||
Siemens Simatic Hmi Comfort Outdoor Panels Firmware | <14.0 | |
Siemens Simatic Hmi Comfort Outdoor Panels | ||
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware | <14.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f | ||
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware | <14.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 | ||
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f Firmware | <14.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f | ||
Siemens Simatic Hmi Ktp Mobile Panels Ktp900 Firmware | <14.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp900 | ||
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f Firmware | <14.0 | |
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f | ||
Siemens Simatic Wincc \(tia Portal\) | <14.0 | |
Siemens Simatic Wincc Runtime | <14.0 | |
Siemens Simatic Wincc Runtime | <14.0 | |
Siemens Simatic Hmi Tp Firmware | ||
Siemens Simatic Hmi Tp | ||
Siemens Simatic Hmi Mp Firmware | ||
Siemens Simatic Hmi Mp | ||
Siemens Simatic Hmi Op Firmware | ||
Siemens Simatic Hmi Op |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-13814 is high, with a severity value of 8.8.
The affected software for CVE-2018-13814 includes SIMATIC HMI Comfort Panels, SIMATIC HMI Comfort Outdoor Panels, SIMATIC HMI KTP Mobile Panels, and SIMATIC WinCC Runtime Advanced.
CVE-2018-13814 is a vulnerability identified in SIMATIC HMI Comfort Panels, SIMATIC HMI Comfort Outdoor Panels, SIMATIC HMI KTP Mobile Panels, and SIMATIC WinCC Runtime Advanced. It allows an attacker to execute arbitrary code.
To fix CVE-2018-13814, it is recommended to update to a version higher than V14 of the affected software.
More information about CVE-2018-13814 can be found at the following references: [1] http://www.securityfocus.com/bid/105931 [2] https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf