Vulnerabilities > CVE-2018-13813 - Open Redirect vulnerability in Siemens products

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

siemens

CWE-601

NVD

Published: 2018-12-13

Updated: 2019-10-09

Summary

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Vulnerable Configurations

Part	Description	Count
OS	Siemens Siemens Simatic HMI Comfort Panels Firmware 14.0 Siemens Simatic HMI Comfort Outdoor Panels Firmware 14.0 Siemens Simatic HMI KTP Mobile Panels Ktp400F Firmware 14.0 Siemens Simatic HMI KTP Mobile Panels Ktp700 Firmware 14.0 Siemens Simatic HMI KTP Mobile Panels Ktp700F Firmware 14.0 Siemens Simatic HMI KTP Mobile Panels Ktp900 Firmware 14.0 Siemens Simatic HMI KTP Mobile Panels Ktp900F Firmware 14.0 Siemens Simatic HMI TP Firmware * Siemens Simatic HMI MP Firmware * Siemens Simatic HMI OP Firmware *	10
Hardware	Siemens Siemens Simatic HMI Comfort Panels - Siemens Simatic HMI Comfort Outdoor Panels - Siemens Simatic HMI KTP Mobile Panels Ktp400F - Siemens Simatic HMI KTP Mobile Panels Ktp700 - Siemens Simatic HMI KTP Mobile Panels Ktp700F - Siemens Simatic HMI KTP Mobile Panels Ktp900 - Siemens Simatic HMI KTP Mobile Panels Ktp900F - Siemens Simatic HMI TP - Siemens Simatic HMI MP - Siemens Simatic HMI OP -	10
Application	Siemens Siemens Simatic Wincc (Tia Portal) - Siemens Simatic Wincc (Tia Portal) 10.0 Siemens Simatic Wincc (Tia Portal) 11.0 Siemens Simatic Wincc (Tia Portal) 12.0 Siemens Simatic Wincc (Tia Portal) 13 Siemens Simatic Wincc (Tia Portal) 13.0 Siemens Simatic Wincc (Tia Portal) 14 Siemens Simatic Wincc (Tia Portal) 14.0 Siemens Simatic Wincc (Tia Portal) 15.0 Siemens Simatic Wincc Runtime - Siemens Simatic Wincc Runtime 14.0 Siemens Simatic Wincc Runtime 13 Siemens Simatic Wincc Runtime 14 Siemens Simatic Wincc Runtime 15	25

Common Weakness Enumeration (CWE)

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Common Attack Pattern Enumeration and Classification (CAPEC)

Fake the Source of Data
An adversary provides data under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or it might be an attempt by the adversary to assume the rights granted to another identity. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References