var-201812-0343
Vulnerability from variot

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow an attacker to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication are required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. Multiple SIMATIC products contain a path traversal vulnerability. Information may be obtained. Siemens SIMATIC Panels are prone to the following security vulnerabilities: 1. An open-redirection vulnerability 2. A directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application, or may construct a crafted URI and entice a user to follow it; when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site. The affected products are all HMI software used by Siemens in Germany to control and monitor machines and equipment.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0343",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "simatic hmi ktp mobile panels ktp400f",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi op",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic wincc runtime",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic wincc \\",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi tp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic hmi mp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "*"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900f",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700f",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "15.0"
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi ktp mobile panels ktp400f",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi ktp mobile panels ktp700f",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic hmi ktp mobile panels ktp900f",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": null,
        "trust": 0.8,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15"
      },
      {
        "model": "simatic wincc runtime professional sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "14"
      },
      {
        "model": "simatic wincc runtime professional sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc runtime professional sp1 upd2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc runtime professional sp update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "1319"
      },
      {
        "model": "simatic wincc runtime professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15"
      },
      {
        "model": "simatic wincc runtime advanced sp1 upd2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic wincc runtime advanced sp1 upd5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12"
      },
      {
        "model": "simatic wincc runtime advanced",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v135"
      },
      {
        "model": "simatic wincc sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v12"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v120"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v110"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v15"
      },
      {
        "model": "simatic wincc update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v136"
      },
      {
        "model": "simatic wincc sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v13"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v13"
      },
      {
        "model": "simatic wincc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "v10"
      },
      {
        "model": "simatic hmi ktp mobile panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "4"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "22"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "15"
      },
      {
        "model": "simatic hmi comfort panels sp1 upd2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "13"
      },
      {
        "model": "simatic hmi comfort panels sp1 upd5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "12"
      },
      {
        "model": "simatic hmi comfort panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi comfort outdoor panels",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic hmi classic devices",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "0"
      },
      {
        "model": "simatic wincc runtime professional update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "154"
      },
      {
        "model": "simatic wincc runtime advanced update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "154"
      },
      {
        "model": "simatic wincc update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "154"
      },
      {
        "model": "simatic hmi ktp mobile panels update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "154"
      },
      {
        "model": "simatic hmi comfort panels update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "154"
      },
      {
        "model": "simatic hmi comfort outdoor panels update",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "154"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "105922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp400f_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp400f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp700f_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp700f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_ktp900f_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "15.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels_ktp900f:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime:*:*:*:*:professional:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_\\(tia_portal\\):*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_runtime:*:*:*:*:advanced:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "15.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_tp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_tp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_mp_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mp:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_op_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_op:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hosni Tounsi from Carthage Red Team",
    "sources": [
      {
        "db": "BID",
        "id": "105922"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-13812",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-13812",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-123909",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-13812",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-13812",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201811-482",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-123909",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in SIMATIC HMI Comfort Panels 4\" - 22\" (All versions \u003c V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (All versions \u003c V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions \u003c V15 Update 4), SIMATIC WinCC Runtime Professional (All versions \u003c V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions \u003c V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. plural SIMATIC The product contains a path traversal vulnerability.Information may be obtained. Siemens SIMATIC Panels is prone to following security vulnerabilities:\n1. An open-redirection vulnerability\n2. A directory-traversal vulnerability\nRemote attackers may use a specially crafted request with  directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files from  the affected system in the context of the application or by constructing a crafted URI and enticing a user to follow it and when an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site. are all HMI software used by Siemens in Germany to control and monitor machines and equipment",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "BID",
        "id": "105922"
      },
      {
        "db": "VULHUB",
        "id": "VHN-123909"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-13812",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "105922",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-233109",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-18-317-08",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-123909",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123909"
      },
      {
        "db": "BID",
        "id": "105922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ]
  },
  "id": "VAR-201812-0343",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123909"
      }
    ],
    "trust": 0.7526804766666667
  },
  "last_update_date": "2023-12-18T13:13:37.113000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-233109",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
      },
      {
        "title": "Multiple Siemens Product path traversal vulnerability fixes",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86883"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/105922"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-08"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13812"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13812"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-123909"
      },
      {
        "db": "BID",
        "id": "105922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-123909"
      },
      {
        "db": "BID",
        "id": "105922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-13812"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123909"
      },
      {
        "date": "2018-11-14T00:00:00",
        "db": "BID",
        "id": "105922"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "date": "2018-12-13T16:29:00.290000",
        "db": "NVD",
        "id": "CVE-2018-13812"
      },
      {
        "date": "2018-11-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-123909"
      },
      {
        "date": "2018-11-14T00:00:00",
        "db": "BID",
        "id": "105922"
      },
      {
        "date": "2019-03-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      },
      {
        "date": "2019-10-09T23:34:33.327000",
        "db": "NVD",
        "id": "CVE-2018-13812"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal vulnerability in multiple SIMATIC products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014525"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201811-482"
      }
    ],
    "trust": 0.6
  }
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.