HTTP header injection in Siemens products - CVE-2018-13814



Published: November 13, 2018 / Updated: November 14, 2018


Vulnerability identifier: #VU15889
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-13814
CWE-ID: CWE-113
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Siemens
Affected software:
SIMATIC HMI Comfort Panels 4”-22”
SIMATIC HMI Comfort Outdoor Panels 7” & 15”
SIMATIC HMI KTP900F
SIMATIC HMI KTP900
SIMATIC HMI KTP700F
SIMATIC HMI KTP700
SIMATIC HMI KTP400F
SIMATIC WinCC Runtime Professional
SIMATIC WinCC Runtime Advanced
SIMATIC WinCC (TIA Portal)
SIMATIC HMI MP Mobile Panel
SIMATIC HMI OP
SIMATIC HMI MP
SIMATIC HMI TP

Detailed vulnerability description

The vulnerability allows a remote attacker to inject HTTP headers into responses from the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can trick the victim into clicking on a malicious link and use the integrated web server (port 80/TCP and port 443/TCP) to inject HTTP headers into the server's response.
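As an added illustration of the CWE-113 weakness class (constructed example code, not the advisory's or Siemens' own code): a hypothetical redirect handler that reflects a URL parameter into a response header, shown in the vulnerable form, where a link carrying percent-encoded CR/LF lets the caller append headers, and in a hardened form that validates the decoded value before emitting it. The `Location` header, the redirect handler and the sample inputs are assumptions.

```python
import re
from urllib.parse import quote, unquote

# RFC 7230 field-value content is visible ASCII, SP, HTAB and obs-text (0x80-0xFF).
# Any other control character, above all CR (0x0d) and LF (0x0a), lets a value end
# the current header field or the header block. HTAB (0x09) is deliberately allowed.
_BAD_HEADER_CHARS = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def is_safe_header_value(value: str) -> bool:
    """True when value cannot terminate a header field or start a new one."""
    return _BAD_HEADER_CHARS.search(value) is None


def build_redirect_vulnerable(target: str) -> bytes:
    """Vulnerable form: the decoded parameter is copied verbatim into Location."""
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode("utf-8")


def build_redirect_hardened(target: str) -> bytes:
    """Hardened form: reject control characters, then percent-encode what remains."""
    if not is_safe_header_value(target):
        return b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"
    safe = quote(target, safe="/:?&=%")
    return f"HTTP/1.1 302 Found\r\nLocation: {safe}\r\n\r\n".encode("ascii")


def redirect_from_query(raw_target: str, hardened: bool) -> bytes:
    """Hypothetical handler: the parameter arrives URL-encoded from the link.

    Validation must run on the *decoded* value, since %0d%0a in the link
    only becomes CR LF after this unquote() step.
    """
    target = unquote(raw_target)
    if hardened:
        return build_redirect_hardened(target)
    return build_redirect_vulnerable(target)


def count_headers(response: bytes) -> int:
    """Header lines in a raw response; a successful injection inflates this count."""
    head = response.split(b"\r\n\r\n", 1)[0]
    return len(head.split(b"\r\n")) - 1  # subtract the status line


if __name__ == "__main__":
    # Constructed malicious link parameter: a CRLF followed by an extra header.
    crafted = "/start.html%0d%0aSet-Cookie:%20injected=1"
    print(count_headers(redirect_from_query(crafted, hardened=False)))  # 2 headers
    print(redirect_from_query(crafted, hardened=True)[:21])             # 400 response
```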


How to mitigate CVE-2018-13814

Update all affected products to version 15 Update 4.

Sources