Authentication Bypass in SIMATIC IT Products by Siemens
CVE-2018-13804
Summary
A vulnerability has been detected in various SIMATIC IT products from Siemens that enables an attacker with network access to bypass application-level authentication. This requires the attacker to have knowledge of a valid username, but does not necessitate any user privileges or interaction. Successful exploitation of this vulnerability could jeopardize the confidentiality, integrity, and availability of the affected systems, posing risks to critical processes and data security. At the time of reporting, no public exploits had been documented.
Affected Version(s)
SIMATIC IT LMS: All versions
SIMATIC IT Production Suite: Versions V7.1 < V7.1 Upd3
SIMATIC IT UA Discrete Manufacturing: Versions < V1.2