URL Redirection Vulnerability in SIMATIC HMI Devices by Siemens
CVE-2018-13813

8.1 HIGH

Summary

A vulnerability in the web server of Siemens SIMATIC HMI devices allows URL redirection to untrusted sites. The flaw affects several device models, notably those running versions prior to V15 Update 4. An attacker could exploit it by deceiving an authenticated user into clicking a crafted link, which could lead to unauthorized access or redirection to a harmful site. Although no public exploitation of this vulnerability was known at the time of the advisory, it remains a critical concern for organizations using these devices.

Affected Version(s)

Products named in the advisory: SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC (TIA Portal), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel).

Version ranges given:

  • SIMATIC HMI Comfort Panels 4" - 22": all versions < V15 Update 4 (fixed in V15 Update 4)

  • SIMATIC HMI Comfort Outdoor Panels 7" & 15": all versions < V15 Update 4 (fixed in V15 Update 4)

  • SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F: all versions < V15 Update 4 (fixed in V15 Update 4)

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved