CVE-2018-13812

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

7.9%

top 7.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Simatic HMI Comfort Outdoor Panels Firmware Siemens Simatic HMI Comfort Panels Firmware Siemens Simatic HMI KTP Mobile Panels Ktp400f Firmware +6 more

Timeline

PublishedDec 13

Latest updateMay 13

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp700_firmware15.0

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp900_firmware15.0

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp700f_firmware15.0

▶NVDsiemens/simatic_hmi_ktp_mobile_panels_ktp900f_firmware15.0

▶NVDsiemens/simatic_hmi_comfort_outdoor_panels_firmware15.0

🔴Vulnerability Details

GHSA

GHSA-v99p-r9xp-cghh: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15"↗2022-05-13

▶

CVEList

CVE-2018-13812: A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15"↗2018-12-13

▶