Thursday, August 1, 2013

SSA-064884: WinCC/TIA Portal fixes

Siemens has updated WinCC SCADA and TIA Portal to fix two minor issues in HMI panels that were discovered by our team:

  • CVE-2013-4911: CSRF (Cross-site request forgery) attacks, compromising integrity and availability of the system
  • CVE-2013-4912: URL redirection to untrusted websites

Thanks to Timur Yunusov and Sergey Bobrov for the research, and thanks to Siemens Product CERT for the fix and collaboration.


Siemens SSA-064884:

ICS-CERT ICSA-13-213-02:

