CVE-2018-13814

Published: Dec 13, 2018Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected (13)

Products: Siemens: Simatic Hmi Comfort Panels Firmware, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Ktp Mobile Panels Ktp400f Firmware, Simatic Hmi Ktp Mobile Panels Ktp700 Firmware, Simatic Hmi Ktp Mobile Panels Ktp700f Firmware, Simatic Hmi Ktp Mobile Panels Ktp900 Firmware, Simatic Hmi Ktp Mobile Panels Ktp900f Firmware, Simatic Wincc (tia Portal), Simatic Wincc Runtime, Simatic Hmi Tp Firmware, Simatic Hmi Mp Firmware, Simatic Hmi Op Firmware

Siemens

12 products

Simatic Hmi Comfort Panels Firmware

Simatic Hmi Comfort Outdoor Panels Firmware

Simatic Hmi Ktp Mobile Panels Ktp400f Firmware

Simatic Hmi Ktp Mobile Panels Ktp700 Firmware

Simatic Hmi Ktp Mobile Panels Ktp700f Firmware

Simatic Hmi Ktp Mobile Panels Ktp900 Firmware

Simatic Hmi Ktp Mobile Panels Ktp900f Firmware

Simatic Wincc (tia Portal)

Simatic Wincc Runtime

Simatic Hmi Tp Firmware

Simatic Hmi Mp Firmware

Simatic Hmi Op Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Comfort Panels Firmware	Before 14.0

Running on/with	Platform Versions
Siemens Simatic Hmi Comfort Panels	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Comfort Outdoor Panels Firmware	Before 14.0

Running on/with	Platform Versions
Siemens Simatic Hmi Comfort Outdoor Panels	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	Before 14.0

Running on/with	Platform Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp400f	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	Before 14.0

Running on/with	Platform Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp700	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	Before 14.0

Running on/with	Platform Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp700f	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	Before 14.0

Running on/with	Platform Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp900	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	Before 14.0

Running on/with	Platform Versions
Siemens Simatic Hmi Ktp Mobile Panels Ktp900f	All versions

Configuration H

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Simatic Wincc (tia Portal)	Before 14.0
Siemens Simatic Wincc Runtime	Before 14.0
Siemens Simatic Wincc Runtime	Before 14.0

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Tp Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Hmi Tp	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Mp Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Hmi Mp	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Simatic Hmi Op Firmware	All versions

Running on/with	Platform Versions
Siemens Simatic Hmi Op	All versions

Related CWEs

CWE-113

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/105931

Source: productcert@siemens.com

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf

Source: productcert@siemens.com

Vendor Advisory

http://www.securityfocus.com/bid/105931

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.