Directory Traversal Vulnerability in Siemens SIMATIC HMI Products
CVE-2018-13812

7.5HIGH

Key Information:

Vendor: Siemens
Status: Simatic Hmi Comfort Panels 4" - 22", Simatic Hmi Comfort Outdoor Panels 7" & 15", Simatic Hmi Ktp Mobile Panels Ktp400f, Ktp700, Ktp700f, Ktp900 Und Ktp900f, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Professional, Simatic Wincc (tia Portal), Simatic Hmi Classic Devices (tp/mp/op/mp Mobile Panel)
Vendor: CVE Published:; 13 December 2018

Summary

A directory traversal vulnerability exists in various Siemens SIMATIC HMI products, allowing unauthorized access to download arbitrary files from the device. This security flaw can be exploited remotely by attackers with network access to the web server of the affected devices. Successful exploitation does not require any user interaction or authentication, posing a significant risk to the confidentiality of information stored on these devices. At the time of disclosure, no known public exploitation of this vulnerability had been reported.

Affected Version(s)

SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC (TIA Portal), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) SIMATIC HMI Comfort Panels 4" - 22" : All versions < V15 Update 4 < SIMATIC HMI Comfort Panels 4" - 22" : All versions V15 Update 4

SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC (TIA Portal), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) SIMATIC HMI Comfort Outdoor Panels 7" & 15" : All versions < V15 Update 4 < SIMATIC HMI Comfort Outdoor Panels 7" & 15" : All versions V15 Update 4

SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC (TIA Portal), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F : All versions < V15 Update 4 < SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F : All versions V15 Update 4

References

http://www.securityfocus.com/bid/105922

vdb-entryx_refsource_BID

https://cert-portal.siemens.com/productcert/pdf/ssa-23310...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2018
Vulnerability Reserved
Jul 10, 2018