Thursday, August 1, 2013

SSA-064884: WinCC/TIA Portal fixes



Siemens updates WinCC SCADA and TIA Portal to fix two minor issues in HMI panels discovered by our team:

  • CVE-2013-4911: CSRF (Cross-site request forgery) attacks, compromising integrity and availability of the system
  • CVE-2013-4912: URL redirection to untrusted websites

Thanks for Timur Yunusov and Sergey Bobrov for research and thanks for Siemens Product CERT for fix and collaboration.

Details

Siemens SSA-064884:
 http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf


ICS-CERT ICSA-13-213-02:https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02

Enjoy
Posted by at
Labels: , , ,

1 comment:

Subscribe to: Post Comments (Atom)