CVE-2018-4847
MEDIUMSIMATIC WinCC OA Operator iOS App < V1.4 - Info Disclosure
Title source: llmDescription
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103941
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf
Scores
CVSS v3
4.6
EPSS
0.0028
EPSS Percentile
19.3%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-311
CWE-538
Status
published
Products (1)
siemens/simatic_wincc_oa_operator
Published
Apr 23, 2018
Tracked Since
Feb 18, 2026