SecurityTracker.com
SecurityTracker
Archives

Category:   Application (Generic)  >   Siemens SIMATIC WinCC Vendors:   Siemens
Siemens WinCC TIA Portal Bugs Permit Cross-Site Request Forgery and URL Redirection Attacks
SecurityTracker Alert ID:  1028870
SecurityTracker URL:  http://securitytracker.com/id/1028870
CVE Reference:   CVE-2013-4911, CVE-2013-4912
Date:  Aug 2 2013
Impact:   Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 11, 12
Description:   Two vulnerabilities were reported in Siemens WinCC TIA Portal. A remote user can conduct cross-site request forgery attacks. A remote user can conduct URL redirection attacks.

The HMI panel does not properly validate user-supplied input. A remote user can take actions on the target interface acting as the target user [CVE-2013-4911].

A remote user can create a URL that, when loaded by the target user, will redirect the target user's browser to an arbitrary site [CVE-2013-4912].

Timur Yunusov and Sergey Bobrov from Positive Technologies reported these vulnerabilities.

Impact:   A remote user can take actions on the target system acting as the target user.

A remote user can conduct URL redirection attacks.

Solution:   The vendor has issued a fix (12 SP1).

The vendor's advisory is available at:

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf

Vendor URL:  www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]



Copyright 2021, SecurityGlobal.net LLC