Full Disclosure mailing list archives
SSA-064884: WinCC/TIA Portal fixes
From: scadastrangelove <scadastrangelove () gmail com>
Date: Thu, 1 Aug 2013 21:26:52 +0400
Siemens updates WinCC SCADA and TIA Portal to fix two minor issues in HMI panels discovered by our team: CVE-2013-4911: CSRF (Cross-site request forgery) attacks, compromising integrity and availability of the system CVE-2013-4912: URL redirection to untrusted websites Thanks for Timur Yunusov and Sergey Bobrov for research and thanks for Siemens Product CERT for fix and collaboration. Details Siemens SSA-064884: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-064884.pdf ICS-CERT ICSA-13-213-02: https://ics-cert.us-cert.gov/advisories/ICSA-13-213-02 SCADA StrangeLove Blog: http://scadastrangelove.blogspot.com/2013/08/ssa-064884-wincctia-portal-fixes.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SSA-064884: WinCC/TIA Portal fixes scadastrangelove (Aug 01)