CVE-2018-13799 - AskarLabs CVE Database

CVE-2018-13799

Vendor Siemens Ag

Product SIMATIC WinCC OA V3.14 and prior

Weakness CWE-269

Published September 12, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the context of SIMATIC WinCC OA V3.14. This vulnerability could be exploited by an attacker with network access to port 5678/TCP of the SIMATIC WinCC OA V3.14 server. Successful exploitation requires no user privileges and no user interaction. This vulnerability could allow an attacker to compromise integrity and availability of the SIMATIC WinCC OA system. At the time of advisory publication no public exploitation of this vulnerability was known.

Key dates

02Disclosure timeline

September 12, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-13799 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2024-13975 Commvault 11.20.0 - 11.36.0 Windows Access Nodes Compromise via Local File Server Agent Abuse CVE-2026-34397 himmelblau: NSS fake-primary group lookup reintroduces name collision risk CVE-2024-31237 WordPress s2Member plugin <= 240315 - Privilege Escalation vulnerability CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape CVE-2024-6411 ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation