PT-2013-5266 · Siemens · Simatic Hmi+1
Sergey Bobrov
+1
·
Published
2013-07-31
·
Updated
2017-08-29
·
CVE-2013-4911
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Siemens WinCC (TIA Portal) versions 11 through 12 before 12 SP1
Description
A cross-site request forgery (CSRF) issue exists due to improper configuration of SIMATIC HMI panels by the WinCC product, allowing remote attackers to hijack the authentication of victims.
Recommendations
For versions 11 through 12 before 12 SP1, update to version 12 SP1 or later to resolve the issue. As a temporary workaround, consider restricting access to the SIMATIC HMI panels to minimize the risk of exploitation.
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simatic Hmi
Wincc