Siemens has a mitigation plan to take care of a file and directory information exposure vulnerability in its Simatic WinCC OA iOS App, according to a report with ICS-CERT.
Successful exploitation of this vulnerability, discovered by Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi, could allow an attacker with physical access to read sensitive data located in the app’s directory.
Simatic WinCC OA Operator iOS App: All Versions suffer from the vulnerability.
In the vulnerability, an attacker with physical access to the mobile device could read unencrypted sensitive data from the app’s directory.
CVE-2018-4847 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.0.
The product sees use in the chemical, energy, food and agriculture, and water and wastewater systems sectors. It also sees action on a global basis.
Siemens identified the following specific workarounds and mitigations:
• Toggle off the button to save password while logging in, and logout after every work session
• Follow the SIMATIC WinCC OA Security Guideline for maintaining a secured SIMATIC WinCC OA environment
• Siemens does not recommend to use the app in high security areas
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. An attacker with high skill level is needed to leverage the vulnerability.
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms.
In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security, and following the recommendations in the product manuals.
Click here for additional information on Industrial Security by Siemens.
For more information on this vulnerability and associated mitigation practices, see Siemens security advisory SSA-597741.