BID:105922

Siemens SIMATIC Panels Multiple Security Vulnerabilities

CVE-2018-13812 | CVE-2018-13813 |

Info

Siemens SIMATIC Panels Multiple Security Vulnerabilities

Bugtraq ID:	105922
Class:	Input Validation Error
CVE:	CVE-2018-13812 CVE-2018-13813
Remote:	Yes
Local:	No
Published:	Nov 14 2018 12:00AM
Updated:	Nov 14 2018 12:00AM
Credit:	Hosni Tounsi from Carthage Red Team
Vulnerable:	Siemens SIMATIC WinCC Runtime Professional 15 Siemens SIMATIC WinCC Runtime Professional 14 SP1 Siemens SIMATIC WinCC Runtime Professional 14 Siemens SIMATIC WinCC Runtime Professional 13 SP2 Siemens SIMATIC WinCC Runtime Professional 13 SP1 Upd2 Siemens SIMATIC WinCC Runtime Professional 13 SP 1 Update 9 Siemens SIMATIC WinCC Runtime Professional 13 Siemens SIMATIC Wincc Runtime Advanced 15 Siemens SIMATIC Wincc Runtime Advanced 13 SP1 Upd2 Siemens SIMATIC Wincc Runtime Advanced 13 Siemens SIMATIC Wincc Runtime Advanced 12 SP1 Upd5 Siemens SIMATIC Wincc Runtime Advanced 12 Siemens SIMATIC Wincc Runtime Advanced 0 Siemens SIMATIC WinCC (TIA Portal) V13 Update 5 Siemens SIMATIC WinCC (TIA Portal) V12 SP1 Siemens SIMATIC WinCC (TIA Portal) V12 0 Siemens SIMATIC WinCC (TIA Portal) V11 0 Siemens SIMATIC WinCC (TIA Portal) v15 Siemens SIMATIC WinCC (TIA Portal) V13 Update 6 Siemens SIMATIC WinCC (TIA Portal) V13 SP1 Siemens SIMATIC WinCC (TIA Portal) V13 Siemens SIMATIC WinCC (TIA Portal) v10 Siemens SIMATIC HMI KTP Mobile Panels 0 Siemens SIMATIC HMI Comfort Panels 4 Siemens SIMATIC HMI Comfort Panels 22 Siemens SIMATIC HMI Comfort Panels 15 Siemens SIMATIC HMI Comfort Panels 13 SP1 Upd2 Siemens SIMATIC HMI Comfort Panels 13 Siemens SIMATIC HMI Comfort Panels 12 SP1 Upd5 Siemens SIMATIC HMI Comfort Panels 12 Siemens SIMATIC HMI Comfort Panels 0 Siemens SIMATIC HMI Comfort Outdoor Panels 0 Siemens SIMATIC HMI Classic Devices 0

Not Vulnerable:	Siemens SIMATIC WinCC Runtime Professional 15 Update 4 Siemens SIMATIC Wincc Runtime Advanced 15 Update 4 Siemens SIMATIC WinCC (TIA Portal) 15 Update 4 Siemens SIMATIC HMI KTP Mobile Panels 15 Update 4 Siemens SIMATIC HMI Comfort Panels 15 Update 4 Siemens SIMATIC HMI Comfort Outdoor Panels 15 Update 4

Discussion

Siemens SIMATIC Panels Multiple Security Vulnerabilities

Siemens SIMATIC Panels is prone to following security vulnerabilities:

1. An open-redirection vulnerability
2. A directory-traversal vulnerability

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site.

Exploit / POC

Siemens SIMATIC Panels Multiple Security Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]

Solution / Fix

Siemens SIMATIC Panels Multiple Security Vulnerabilities

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

Siemens SIMATIC Panels Multiple Security Vulnerabilities

References:

Siemens Homepage (Siemens)
Advisory (ICSA-18-317-08) (ICS-CERT)