CVE-2018-13804
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-13804
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in SIMATIC IT LMS (All versions), SIMATIC IT Production Suite (Versions V7.1 < V7.1 Upd3), SIMATIC IT UA Discrete Manufacturing (Versions < V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.2), SIMATIC IT UA Discrete Manufacturing (Versions V1.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.3), SIMATIC IT UA Discrete Manufacturing (Versions V2.4). An attacker with network access to the installation could bypass the application-level authentication. In order to exploit the vulnerability, an attacker must obtain network access to an affected installation and must obtain a valid username to the system. Successful exploitation requires no user privileges and no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this vulnerability was known.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Siemens SIMATIC IT LMS、SIMATIC IT Production Suite和SIMATIC IT UA Discrete Manufacturing 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens SIMATIC IT LMS、SIMATIC IT Production Suite和SIMATIC IT UA Discrete Manufacturing都是德国西门子(Siemens)公司的产品。Siemens SIMATIC IT LMS是一套总体设备效能(OEE)的线路监控系统。SIMATIC IT Production Suite是一套工厂生产管理套件。SIMATIC IT UA Discrete Manufacturing是一套为制造业提供结构化服务的解决方案。 Siemen
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Siemens AG | SIMATIC IT LMS, SIMATIC IT Production Suite, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing, SIMATIC IT UA Discrete Manufacturing | SIMATIC IT LMS : All versions | - |
II. Public POCs for CVE-2018-13804
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-13804
请登录查看更多情报信息。
Same Patch Batch · Siemens AG · 2018-12-13 · 7 CVEs total
| CVE-2018-13811 | Siemens SIMATIC STEP 7 安全漏洞 | |
| CVE-2018-13812 | 多款Siemens产品路径遍历漏洞 | |
| CVE-2018-13813 | 多款Siemens产品安全漏洞 | |
| CVE-2018-13814 | Siemens SIMATIC Panels和SIMATIC WinCC 代码注入漏洞 | |
| CVE-2018-13815 | Siemens SIMATIC S7-1200和SIMATIC S7-1500 安全漏洞 | |
| CVE-2018-16555 | 多款Siemens产品跨站脚本漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2018-13804
No comments yet