
Ivan Yushkevich

Researcher from Embedi
#40489 of 53,633
6.7 Total CVSS
Vulnerabilities · 1
PT-2018-16563
6.7
2018-03-20
Siemens · Simatic Wincc Oa Ui For Android · CVE-2018-4844
**Name of the Vulnerable Software and Affected Versions**

SIMATIC WinCC OA UI for Android versions prior to V3.15.10

SIMATIC WinCC OA UI for iOS versions prior to V3.15.10

**Description**

A security issue has been identified due to insufficient limitation of CONTROL script capabilities, allowing read and write access between HMI project cache folders within the app's sandbox on the same mobile device. This could be exploited by an attacker who tricks a user into connecting to a controlled server, requiring user interaction and access to the app's folder. The issue could allow data reading and writing to the app's folder. No public exploitation was known at the time of publication.

**Recommendations**

For SIMATIC WinCC OA UI for Android versions prior to V3.15.10, update to version V3.15.10 or later.

For SIMATIC WinCC OA UI for iOS versions prior to V3.15.10, update to version V3.15.10 or later.