CVE-2018-13812
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Se ha identificado una vulnerabilidad en SIMATIC HMI Comfort Panels 4" - 22" (todas las versiones anteriores a V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" 15" (todas las versiones anteriores a V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 y KTP900F (todas las versiones anteriores a V15 Update 4), SIMATIC WinCC Runtime Advanced (todas las versiones anteriores a V15 Update 4), SIMATIC WinCC Runtime Professional (todas las versiones anteriores a V15 Update 4), SIMATIC WinCC (TIA Portal) (todas las versiones anteriores a V15 Update 4) y SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (todas las versiones). Una vulnerabilidad de salto de directorio podría permitir la descarga de archivos arbitrarios desde el dispositivo. Esta vulnerabilidad de seguridad podría ser explotada por atacantes con acceso de red al servidor web integrado. No se requiere interacción o autenticación del usuario para explotar esta vulnerabilidad. La vulnerabilidad impacta la confidencialidad del dispositivo. En el momento de la publicación del aviso, no se conoce ninguna explotación pública de la vulnerabilidad de seguridad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-10 CVE Reserved
- 2018-12-13 CVE Published
- 2024-05-05 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105922 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Simatic Hmi Comfort Panels Firmware Search vendor "Siemens" for product "Simatic Hmi Comfort Panels Firmware" | <= 15.0 Search vendor "Siemens" for product "Simatic Hmi Comfort Panels Firmware" and version " <= 15.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Comfort Panels Search vendor "Siemens" for product "Simatic Hmi Comfort Panels" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Comfort Outdoor Panels Firmware Search vendor "Siemens" for product "Simatic Hmi Comfort Outdoor Panels Firmware" | <= 15.0 Search vendor "Siemens" for product "Simatic Hmi Comfort Outdoor Panels Firmware" and version " <= 15.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Comfort Outdoor Panels Search vendor "Siemens" for product "Simatic Hmi Comfort Outdoor Panels" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp400f Firmware Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp400f Firmware" | <= 15.0 Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp400f Firmware" and version " <= 15.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp400f Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp400f" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp700 Firmware Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700 Firmware" | <= 15.0 Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700 Firmware" and version " <= 15.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp700 Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp700f Firmware Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700f Firmware" | <= 15.0 Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700f Firmware" and version " <= 15.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp700f Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp700f" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp900 Firmware Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900 Firmware" | <= 15.0 Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900 Firmware" and version " <= 15.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp900 Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp900f Firmware Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900f Firmware" | <= 15.0 Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900f Firmware" and version " <= 15.0" | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Ktp Mobile Panels Ktp900f Search vendor "Siemens" for product "Simatic Hmi Ktp Mobile Panels Ktp900f" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Tp Firmware Search vendor "Siemens" for product "Simatic Hmi Tp Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Tp Search vendor "Siemens" for product "Simatic Hmi Tp" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Mp Firmware Search vendor "Siemens" for product "Simatic Hmi Mp Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Mp Search vendor "Siemens" for product "Simatic Hmi Mp" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Hmi Op Firmware Search vendor "Siemens" for product "Simatic Hmi Op Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Simatic Hmi Op Search vendor "Siemens" for product "Simatic Hmi Op" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Simatic Wincc \(tia Portal\) Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)" | <= 15.0 Search vendor "Siemens" for product "Simatic Wincc \(tia Portal\)" and version " <= 15.0" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Simatic Wincc Runtime Search vendor "Siemens" for product "Simatic Wincc Runtime" | <= 15.0 Search vendor "Siemens" for product "Simatic Wincc Runtime" and version " <= 15.0" | advanced |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Simatic Wincc Runtime Search vendor "Siemens" for product "Simatic Wincc Runtime" | <= 15.0 Search vendor "Siemens" for product "Simatic Wincc Runtime" and version " <= 15.0" | professional |
Affected
| ||||||