CVE-2018-4847
N/A
N/A
Summary
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens AG | SIMATIC WinCC OA Operator iOS App | All versions < V1.4 | affected |
Weaknesses
- CWE-538: CWE-538: File and Directory Information Exposure
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/103941
- https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf
References
- http://www.securityfocus.com/bid/103941
- https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.