SIEMENS-SSA-822928  ·  Published 2018-03-20

SSA-822928 (Last Update: 2018-03-20): Access Control Vulnerability in SIMATIC WinCC OA UI Mobile App for Android and iOS

CVSS N/A MEDIUM

Risk Summary

The latest update for the SIMATIC WinCC OA UI app for Android and iOS fixes a security vulnerability that could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The precondition for this scenario is that an attacker tricks an app user into connecting to an attacker-controlled WinCC OA server.

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-822928 (Last Update: 2018-03-20): Access Control Vulnerability in SIMATIC WinCC OA UI Mobile App for Android and iOS See advisory
