PT-2018-16563 · Siemens · Simatic Wincc Oa Ui For Android +1
Alexander Bolshev +1 · Published 2018-03-20 · Updated 2023-03-24 · CVE-2018-4844
CVSS v3.1: 6.7 (Medium)
Vector: AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
SIMATIC WinCC OA UI for Android versions prior to V3.15.10
SIMATIC WinCC OA UI for iOS versions prior to V3.15.10
Description
A security issue exists due to insufficient limitation of CONTROL script capabilities, which allows read and write access between HMI project cache folders within the app's sandbox on the same mobile device. An attacker could exploit this by tricking a user into connecting to an attacker-controlled server; exploitation requires user interaction and access to the app's folder. The issue could allow reading data from and writing data to the app's folder. No public exploitation was known at the time of publication.
Recommendations
For SIMATIC WinCC OA UI for Android versions prior to V3.15.10, update to version V3.15.10 or later.
For SIMATIC WinCC OA UI for iOS versions prior to V3.15.10, update to version V3.15.10 or later.
Fix
Improper Access Control
Improper Privilege Management
Affected Products
Simatic Wincc Oa Ui For Android
Simatic Wincc Oa Ui For Ios