The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of SIMATIC WinCC OA UI for Android/iOS: read-write access via HMI Project Cache

Synthesis of the vulnerability 

An attacker can bypass access restrictions via HMI Project Cache of SIMATIC WinCC OA UI for Android/iOS, in order to read or alter data.
Impacted products: Android Applications ~ not comprehensive, SIMATIC.
Severity of this bulletin: 2/4.
Creation date: 21/03/2018.
Références of this threat: CERTFR-2018-AVI-140, CVE-2018-4844, SSA-822928, VIGILANCE-VUL-25611.

Description of the vulnerability 

An attacker can bypass access restrictions via HMI Project Cache of SIMATIC WinCC OA UI for Android/iOS, in order to read or alter data.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness alert impacts software or systems such as Android Applications ~ not comprehensive, SIMATIC.

Our Vigil@nce team determined that the severity of this weakness note is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness bulletin.

Solutions for this threat 

SIMATIC WinCC OA UI for Android/iOS: version 3.15.10.
The version 3.15.10 is fixed:
  https://play.google.com/store/apps/details?id=com.siemens.winccoaui
  https://itunes.apple.com/us/app/simatic-wincc-oa-ui/id1073943068
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides an application vulnerability workaround. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.