CVE-2018-13813

Name: CVE-2018-13813
Creator: NVD / NIST
Published: 2018-12-13T16:29:00.32+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.68%

Last modified Jun 17, 2026

CVE-2018-13813 is a vulnerability of currently unknown severity. A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. EPSS estimates a 1.68% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Metrics

EPSS Probability

1.68%

74.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Simatic Hmi Comfort Panels Firmware	<= 15.0
Siemens	Simatic Hmi Comfort Outdoor Panels Firmware	<= 15.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	<= 15.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	<= 15.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	<= 15.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	<= 15.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	<= 15.0
Siemens	Simatic Wincc \(Tia Portal\)	<= 15.0
Siemens	Simatic Wincc Runtime	<= 15.0
Siemens	Simatic Hmi Tp Firmware	All versions
Siemens	Simatic Hmi Mp Firmware	All versions
Siemens	Simatic Hmi Op Firmware	All versions

References

http://www.securityfocus.com/bid/105922Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdfVendor Advisory
http://www.securityfocus.com/bid/105922Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-233109.pdfVendor Advisory

Timeline

Published: Dec 13, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-13813?

How severe is CVE-2018-13813?

Severity scoring for CVE-2018-13813 is pending analysis. The EPSS model estimates a 1.68% probability of exploitation in the next 30 days.

How do I fix CVE-2018-13813?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-13813?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST