CVE-2013-4911

Name of the Vulnerable Software and Affected Versions Siemens WinCC (TIA Portal) versions 11 through 12 before 12 SP1

Description A cross-site request forgery (CSRF) issue exists due to improper configuration of SIMATIC HMI panels by the WinCC product, allowing remote attackers to hijack the authentication of victims.

Recommendations For versions 11 through 12 before 12 SP1, update to version 12 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIMATIC HMI panels to minimize the risk of exploitation.