Vulnerability CVE-2018-4847
Published: 2018-04-23

Description:
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.

Type:

CWE-311

 (Missing Encryption of Sensitive Data)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Siemens -> Simatic wincc oa operator 

 References:
http://www.securityfocus.com/bid/103941
https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf
Copyright 2024, cxsecurity.com

 

Back to Top