Path traversal in Siemens products - CVE-2018-13812

 


Published: November 13, 2018 / Updated: July 27, 2020


Vulnerability identifier: #VU15887
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-13812
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
Siemens SIMATIC WinCC
SIMATIC HMI MP Mobile Panel
SIMATIC HMI OP
SIMATIC HMI MP
SIMATIC HMI TP
SIMATIC WinCC Runtime Advanced
SIMATIC HMI KTP900F
SIMATIC HMI KTP900
SIMATIC HMI KTP700F
SIMATIC HMI KTP700
SIMATIC HMI KTP400F
SIMATIC HMI Comfort Outdoor Panels 7” & 15”
SIMATIC HMI Comfort Panels 4”-22”
SIMATIC WinCC Runtime Professional

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to directory traversal. A remote attacker with network access to the integrated web server can conduct a directory traversal attack and download arbitrary files from the device.


How to mitigate CVE-2018-13812

Update the affected products to version 15 Update 4.
