HTTP Header Injection Vulnerability in Siemens HMI Comfort Panels and WinCC
CVE-2018-13814

8.8 HIGH

Summary

A vulnerability has been identified within several Siemens SIMATIC HMI devices that could allow an attacker to manipulate HTTP headers via the integrated web server. This vulnerability affects devices operating below version V14. To exploit the flaw, an attacker needs to trick a valid authenticated user into clicking on a malicious link, which could lead to unauthorized actions or data exposure. At the time of reporting, there was no known public exploitation of this issue.

Affected Version(s)

Product: SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC (TIA Portal), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel)

  • SIMATIC HMI Comfort Panels 4" - 22": All versions < V14

  • SIMATIC HMI Comfort Outdoor Panels 7" & 15": All versions < V14

  • SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F: All versions < V14

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
