-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 # SSA-597741: Vulnerability in iOS App SIMATIC WinCC OA Operator Publication Date: 2018-04-18 Last Update: 2018-10-09 Current Version: 1.1 CVSS v3.0 Base Score: 4.0 SUMMARY ======= The SIMATIC WinCC OA Operator iOS app is affected by a security vulnerability which could allow an attacker to read unencrypted data from the application’s directory. Precondition for this scenario is that an attacker has physical access to the mobile device. AFFECTED PRODUCTS AND SOLUTION ============================== * SIMATIC WinCC OA Operator iOS App - Affected versions: All versions < V1.4 - Remediation: Update to V1.4 - Download: https://itunes.apple.com/app/simatic-wincc-oa-operator/id681238489 WORKAROUNDS AND MITIGATIONS =========================== Siemens has identified the following specific workarounds and mitigations that customers can apply to reduce the risk: * Toggle off the button to save password while logging in and logout after every work session. * Follow the SIMATIC WinCC OA Security Guideline (available at https://portal.etm.at/index.php?option=com_phocadownload&view=category&id=52:security&Itemid=81) for maintaining a secured SIMATIC WinCC OA environment. GENERAL SECURITY RECOMMENDATIONS ================================ As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity PRODUCT DESCRIPTION =================== The SIMATIC WinCC OA Operator iOS app allows remote access to a SIMATIC WinCC OA facility with the mobile device. The app offers a limited amount of functionality which is programmed into the native app. VULNERABILITY CLASSIFICATION ============================ The vulnerability classification has been performed by using the CVSS scoring system in version 3.0 (CVSS v3.0) (https://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring. * Vulnerability CVE-2018-4847 Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens provides mitigations to resolve the security issue. CVSS v3.0 Base Score: 4.0 CVSS v3.0 Vector: CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:T/RC:C ACKNOWLEDGMENTS =============== Siemens thanks the following parties for their efforts: * Alexander Bolshev from IOActive for coordinated disclosure * Ivan Yushkevich from Embedi for coordinated disclosure ADDITIONAL INFORMATION ====================== For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories HISTORY DATA ============ V1.0 (2018-04-18): Publication Date V1.1 (2018-10-09): Added update for WinCC OA Operatopr App TERMS OF USE ============ Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJbu++AAAoJELtnleqOVdUumDwP/i4XUWTuCD4UiP1xnX2VKG5j t4x8hHS28yzY74QGYK/KEcefBtslNyBqevuB8GUbvWIQpPcMnWOl08qVEY30Vv1j CaYLE6lrtKZndrGmbQiV3B3r2H4E5v3WgepvznaJv2nPhgYOBS2/qgpacVfo25X6 R5qBnnUiY/+2jEcc9NpTmC2xtEw04lHI6Y6+s1tQbKz1UO0POH79sTG6WKiKVTcv RhSWJlQp92TMOacQLB12helWXW3T8GuprvmWcWVDGz/y3PrdSjWY8Qzx8HBWpvD2 +swt8V/whrweiYpzprJspCLQdqdY+Y1EhBcLhYJwfwEHCfT21OlHdu8/Dx9IVD96 CZqekqsTLPikh8DJhtAJIrC+sTwlxdYe6AioFgzd6AJeB7MujhwT5+9l8KB9uNQo yCv5mcYedBCbnKWXQv5FvA1kcDie3s+kFeWEsbka9N8yVnmvuNPHPmopI6DTItFT MZtEl7XEEvE2kTAcFSuBOGdP/pD0sfKTGxWXLVHEo/0JWf/PI/NEunA6N6BacDtd cfVXQkVSmmjtBtEdTW6sB06LB/lVnpnR4jW6qCBJf4RRIsLJLW+H5P6eRo1PrXwS hq8qPuvpny1Zr+3cOlWmAPVI9jG+ckKgNyouZxx/xD22zSj86XHGQViaoamB4OuK VFjcNty7w4ZKu9t0Rhsv =z7s7 -----END PGP SIGNATURE-----