CVE-2018-13814

Name: CVE-2018-13814
Creator: NVD / NIST
Published: 2018-12-13T16:29:00.35+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.68%

Last modified Jun 17, 2026

CVE-2018-13814 is a vulnerability of currently unknown severity. A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. EPSS estimates a 1.68% chance of exploitation in the next 30 days.

Description

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V14), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V14), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V14), SIMATIC WinCC Runtime Advanced (All versions < V14), SIMATIC WinCC Runtime Professional (All versions < V14), SIMATIC WinCC (TIA Portal) (All versions < V14), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The integrated web server (port 80/tcp and port 443/tcp) of the affected devices could allow an attacker to inject HTTP headers. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

Metrics

EPSS Probability

1.68%

74.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Siemens	Simatic Hmi Comfort Panels Firmware	< 14.0
Siemens	Simatic Hmi Comfort Outdoor Panels Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp400f Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700 Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp700f Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900 Firmware	< 14.0
Siemens	Simatic Hmi Ktp Mobile Panels Ktp900f Firmware	< 14.0
Siemens	Simatic Wincc \(Tia Portal\)	< 14.0
Siemens	Simatic Wincc Runtime	< 14.0
Siemens	Simatic Hmi Tp Firmware	All versions
Siemens	Simatic Hmi Mp Firmware	All versions
Siemens	Simatic Hmi Op Firmware	All versions

References

http://www.securityfocus.com/bid/105931Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdfVendor Advisory
http://www.securityfocus.com/bid/105931Third Party Advisory, VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-944083.pdfVendor Advisory

Timeline

Published: Dec 13, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-13814?

How severe is CVE-2018-13814?

Severity scoring for CVE-2018-13814 is pending analysis. The EPSS model estimates a 1.68% probability of exploitation in the next 30 days.

How do I fix CVE-2018-13814?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-13814?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST