CVE-2018-4847

4.6MEDIUM

Key Information:

Vendor: Siemens
Status: Simatic Wincc Oa Operator iOS App
Vendor: CVE Published:; 23 April 2018

Summary

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.

Affected Version(s)

SIMATIC WinCC OA Operator iOS App All versions < V1.4

References

http://www.securityfocus.com/bid/103941

vdb-entryx_refsource_BID

https://cert-portal.siemens.com/productcert/pdf/ssa-59774...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2018
Vulnerability Reserved
Jan 2, 2018