CVE-2018-13812 vulnerability in Siemens Products
Published on December 13, 2018
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). A directory traversal vulnerability could allow to download arbitrary files from the device. The security vulnerability could be exploited by an attacker with network access to the integrated web server. No user interaction and no authentication is required to exploit the vulnerability. The vulnerability impacts the confidentiality of the device. At the time of advisory publication no public exploitation of this security vulnerability was known.
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2018-13812 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2018-13812
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-13812 are published in these products:
Affected Versions
Siemens AG SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC WinCC Runtime Advanced, SIMATIC WinCC Runtime Professional, SIMATIC WinCC (TIA Portal), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel):- Version SIMATIC HMI Comfort Panels 4" - 22" : All versions < V15 Update 4 is affected.
- Version SIMATIC HMI Comfort Outdoor Panels 7" & 15" : All versions < V15 Update 4 is affected.
- Version SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F : All versions < V15 Update 4 is affected.
- Version SIMATIC WinCC Runtime Advanced : All versions < V15 Update 4 is affected.
- Version SIMATIC WinCC Runtime Professional : All versions < V15 Update 4 is affected.
- Version SIMATIC WinCC (TIA Portal) : All versions < V15 Update 4 is affected.
- Version SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) : All versions is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.