SB2018111410 - Multiple vulnerabilities in Siemens SIMATIC panels

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Path traversal (CVE-ID: CVE-2018-13812)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to directory traversal. A remote attacker with network access to the integrated web server can conduct directory traversal attack and download of arbitrary files from the device.

2) Open redirect (CVE-ID: CVE-2018-13813)

The vulnerability allows a remote attacker to redirect victims to arbitrary URI.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary URI.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information

3) HTTP header injection (CVE-ID: CVE-2018-13814)

The vulnerability allows a remote attacker to inject HTTP header on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can trick the victim into clicking on a malicious link and use integrated web server (Port 80/TCP and Port 443/TCP) inject HTTP headers.

Remediation

Install update from vendor's website.

References

• https://ics-cert.us-cert.gov/advisories/ICSA-18-317-08
• https://ics-cert.us-cert.gov/advisories/ICSA-18-317-03