N/A

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known.

N/A

指向未可信站点的URL重定向(开放重定向)

多款Siemens产品安全漏洞

Siemens SIMATIC HMI Comfort Panels等都是德国西门子（Siemens）公司的用于操控和监控机器和设备的HMI软件。 多款Siemens产品中的webserver存在开放重定向漏洞。攻击者可借助恶意的链接利用该漏洞将用户重定向到不可信的网站。以下产品和版本受到影响：Siemens SIMATIC HMI Comfort Panels 4”-22” 15 Update 4之前版本；SIMATIC HMI Comfort Outdoor Panels 7” & 15” 15 Up

N/A

N/A