CVE-2018-13814 — HIGH (8.8)

Q: How severe is CVE-2018-13814?

CVE-2018-13814 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-13814?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Hmi Comfort Panels Firmware, Siemens Simatic Hmi Comfort Panels, Siemens Simatic Hmi Comfort Outdoor Panels Firmware, Siemens Simatic Hmi Comfort Outdoor Panels, Siemens Simatic Hmi Ktp Mobile Panels Ktp400F Firmware.

Vulnerability Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Siemens	Simatic Hmi Comfort Panels Firmware	< 14.0
Siemens	Simatic Hmi Comfort Panels	-
Siemens	Simatic Hmi Comfort Outdoor Panels Firmware	< 14.0
Siemens	Simatic Hmi Comfort Outdoor Panels	-
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400F Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400F	-
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700	-
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700F Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700F	-
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900	-
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900F Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900F	-
Siemens	Simatic Wincc \(Tia Portal\)	< 14.0
Siemens	Simatic Wincc Runtime	< 14.0
Siemens	Simatic Hmi Tp Firmware	All versions
Siemens	Simatic Hmi Tp	-
Siemens	Simatic Hmi Mp Firmware	All versions
Siemens	Simatic Hmi Mp	-

Related Weaknesses (CWE)

CWE-20 CWE-113

References

http://www.securityfocus.com/bid/105931Third Party AdvisoryVDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdfVendor Advisory
http://www.securityfocus.com/bid/105931Third Party AdvisoryVDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdfVendor Advisory

FAQ

What is CVE-2018-13814?

CVE-2018-13814 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F...

How severe is CVE-2018-13814?

CVE-2018-13814 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-13814?

Check the references section above for vendor advisories and patch information. Affected products include: Siemens Simatic Hmi Comfort Panels Firmware, Siemens Simatic Hmi Comfort Panels, Siemens Simatic Hmi Comfort Outdoor Panels Firmware, Siemens Simatic Hmi Comfort Outdoor Panels, Siemens Simatic Hmi Ktp Mobile Panels Ktp400F Firmware.