CVE-2018-13804

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.1HIGH

EPSS

3.4%

top 12.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic IT UA Discrete Manufacturing Siemens Simatic IT Production Suite

Timeline

PublishedDec 13

Latest updateMay 13

Description

A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication…

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDsiemens/simatic_it_ua_discrete_manufacturingv1.2+3

▶NVDsiemens/simatic_it_production_suitev7.1

🔴Vulnerability Details

GHSA

GHSA-hf5v-q9xg-wmjx: A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7↗2022-05-13

▶

CVEList

CVE-2018-13804: A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7↗2018-12-13

▶