HTTP header injection in Siemens Server applications

#VU15889 HTTP header injection in Siemens Server applications

Published: 2018-11-13 | Updated: 2018-11-14

Vulnerability identifier: #VU15889

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-13814

CWE-ID: CWE-113

Exploitation vector: Network

Exploit availability: No

Vendor: Siemens

Description

The vulnerability allows a remote attacker to inject HTTP header on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can trick the victim into clicking on a malicious link and use integrated web server (Port 80/TCP and Port 443/TCP) inject HTTP headers.

Mitigation
Update all affected products to version 15 Update 4.

Vulnerable software versions

SIMATIC HMI Comfort Panels 4”-22”: All versions

SIMATIC HMI Comfort Outdoor Panels 7” & 15”: All versions

SIMATIC HMI KTP900F: All versions

SIMATIC HMI KTP900: All versions

SIMATIC HMI KTP700F: All versions

SIMATIC HMI KTP700: All versions

SIMATIC HMI KTP400F: All versions

SIMATIC WinCC Runtime Professional: All versions

SIMATIC WinCC Runtime Advanced: All versions

SIMATIC WinCC (TIA Portal): All versions

SIMATIC HMI MP Mobile Panel: All versions

SIMATIC HMI OP: All versions

SIMATIC HMI MP: All versions

SIMATIC HMI TP: All versions

External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-317-03

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens SIMATIC panels