#VU15889 HTTP header injection in Siemens products - CVE-2018-13814

Cybersecurity Help s.r.o.

Published: 2018-11-13 | Updated: 2018-11-14

Vulnerability identifier: #VU15889

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-13814

CWE-ID: CWE-113

Exploitation vector: Network

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a remote attacker to inject HTTP header on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can trick the victim into clicking on a malicious link and use integrated web server (Port 80/TCP and Port 443/TCP) inject HTTP headers.

Mitigation
Update all affected products to version 15 Update 4.

Vulnerable software versions

SIMATIC HMI Comfort Panels 4”-22”: before 15 Update 4

SIMATIC HMI Comfort Outdoor Panels 7” & 15”: before 15 Update 4

SIMATIC HMI KTP900F: before 15 Update 4

SIMATIC HMI KTP900: before 15 Update 4

SIMATIC HMI KTP700F: before 15 Update 4

SIMATIC HMI KTP700: before 15 Update 4

SIMATIC HMI KTP400F: before 15 Update 4

SIMATIC WinCC Runtime Professional: before 15 Update 4

SIMATIC WinCC Runtime Advanced: before 15 Update 4

SIMATIC WinCC (TIA Portal): before 15 Update 4

SIMATIC HMI MP Mobile Panel: before 15 Update 4

SIMATIC HMI OP: before 15 Update 4

SIMATIC HMI MP: before 15 Update 4

SIMATIC HMI TP: before 15 Update 4

External links
https://ics-cert.us-cert.gov/advisories/ICSA-18-317-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SIMATIC panels