Siemens updates WinCC SCADA and TIA Portal to fix two minor
issues in HMI panels discovered by our team:
- CVE-2013-4911: CSRF (Cross-site request forgery) attacks, compromising integrity and availability of the system
- CVE-2013-4912: URL redirection to untrusted websites
Thanks to Timur Yunusov and Sergey Bobrov for the research, and thanks to Siemens Product CERT for the fix and collaboration.
Details
Siemens SSA-064884:
ICS-CERT ICSA-13-213-02: https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02
Enjoy