VAR-201804-1649
Vulnerability from variot - Updated: 2023-12-18 14:01A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue. Allows an attacker to read unencrypted data from the application's directory. A prerequisite for this is that an attacker can physically access the mobile device. Attackers with physical access to device can exploit this issue to obtain sensitive information that may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-1649",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc oa operator",
"scope": "eq",
"trust": 1.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa operator ios app",
"scope": "eq",
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa operator ios",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc oa operator ios app",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc oa operator",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"db": "BID",
"id": "103941"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:simatic_wincc_oa_operator:-:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4847"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi.",
"sources": [
{
"db": "BID",
"id": "103941"
}
],
"trust": 0.3
},
"cve": "CVE-2018-4847",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-4847",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-07848",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-4847",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-4847",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-07848",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-1344",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-4847",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"db": "VULMON",
"id": "CVE-2018-4847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions \u003c V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app\u0027s directory. Siemens provides mitigations to resolve the security issue. Allows an attacker to read unencrypted data from the application\u0027s directory. A prerequisite for this is that an attacker can physically access the mobile device. \nAttackers with physical access to device can exploit this issue to obtain sensitive information that may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"db": "BID",
"id": "103941"
},
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "VULMON",
"id": "CVE-2018-4847"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-4847",
"trust": 3.6
},
{
"db": "SIEMENS",
"id": "SSA-597741",
"trust": 2.6
},
{
"db": "BID",
"id": "103941",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-18-109-01",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2018-07848",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EC2B31-39AB-11E9-96EB-000C29342CB1",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2018-4847",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"db": "VULMON",
"id": "CVE-2018-4847"
},
{
"db": "BID",
"id": "103941"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"id": "VAR-201804-1649",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
}
]
},
"last_update_date": "2023-12-18T14:01:17.778000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-597741",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf"
},
{
"title": "Patch for SIMATIC WinCC OA Operator iOS Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/125999"
},
{
"title": "Siemens SIMATIC WinCC OA Operator iOS App Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79630"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/zzzteph/zzzteph "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"db": "VULMON",
"id": "CVE-2018-4847"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "NVD",
"id": "CVE-2018-4847"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/103941"
},
{
"trust": 1.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-109-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4847"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4847"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/311.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/zzzteph/zzzteph"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"db": "VULMON",
"id": "CVE-2018-4847"
},
{
"db": "BID",
"id": "103941"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"db": "VULMON",
"id": "CVE-2018-4847"
},
{
"db": "BID",
"id": "103941"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"date": "2018-04-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4847"
},
{
"date": "2018-04-19T00:00:00",
"db": "BID",
"id": "103941"
},
{
"date": "2018-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"date": "2018-04-23T16:29:00.213000",
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"date": "2018-04-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-07848"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2018-4847"
},
{
"date": "2018-04-19T00:00:00",
"db": "BID",
"id": "103941"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004493"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-4847"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "103941"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SIMATIC WinCC OA Operator iOS Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2ec2b31-39ab-11e9-96eb-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-07848"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-1344"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…