Vulnerability identifier: #VU15887
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Siemens SIMATIC WinCC
Server applications /
SCADA systems
SIMATIC HMI MP Mobile Panel
Server applications /
SCADA systems
SIMATIC HMI OP
Server applications /
SCADA systems
SIMATIC HMI MP
Server applications /
SCADA systems
SIMATIC HMI TP
Server applications /
SCADA systems
SIMATIC WinCC Runtime Advanced
Server applications /
SCADA systems
SIMATIC HMI KTP900F
Server applications /
SCADA systems
SIMATIC HMI KTP900
Server applications /
SCADA systems
SIMATIC HMI KTP700F
Server applications /
SCADA systems
SIMATIC HMI KTP700
Server applications /
SCADA systems
SIMATIC HMI KTP400F
Server applications /
SCADA systems
SIMATIC HMI Comfort Outdoor Panels 7” & 15”
Server applications /
SCADA systems
SIMATIC HMI Comfort Panels 4”-22”
Server applications /
SCADA systems
SIMATIC WinCC Runtime Professional
Server applications /
SCADA systems
Vendor: Siemens
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to directory traversal. A remote attacker with network access to the integrated web server can conduct directory traversal attack and download of arbitrary files from the device.
Mitigation
Update the affected products to version 15 Update 4.
Vulnerable software versions
Siemens SIMATIC WinCC: All versions
SIMATIC HMI MP Mobile Panel: All versions
SIMATIC HMI OP: All versions
SIMATIC HMI MP: All versions
SIMATIC HMI TP: All versions
SIMATIC WinCC Runtime Advanced: All versions
SIMATIC HMI KTP900F: All versions
SIMATIC HMI KTP900: All versions
SIMATIC HMI KTP700F: All versions
SIMATIC HMI KTP700: All versions
SIMATIC HMI KTP400F: All versions
SIMATIC HMI Comfort Outdoor Panels 7” & 15”: All versions
SIMATIC HMI Comfort Panels 4”-22”: All versions
SIMATIC WinCC Runtime Professional: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-317-08
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.