Thursday, August 1, 2013

SSA-064884: WinCC/TIA Portal fixes



Siemens updates WinCC SCADA and TIA Portal to fix two minor issues in HMI panels discovered by our team:

  • CVE-2013-4911: CSRF (Cross-site request forgery) attacks, compromising integrity and availability of the system
  • CVE-2013-4912: URL redirection to untrusted websites

Thanks to Timur Yunusov and Sergey Bobrov for the research, and thanks to Siemens Product CERT for the fix and collaboration.

Details

Siemens SSA-064884:


ICS-CERT ICSA-13-213-02: https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02

Enjoy
