ID

VAR-201803-2160


CVE

CVE-2018-4844


TITLE

SIMATIC WinCC OA UI Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003347

DESCRIPTION

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user into connecting to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. SIMATIC WinCC OA UI contains an access control vulnerability. Information may be obtained and information may be altered. Siemens SIMATIC WinCC OA UI for Android is a SCADA system control interface for the Android platform. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Trust: 2.7

sources: NVD: CVE-2018-4844 // JVNDB: JVNDB-2018-003347 // CNVD: CNVD-2018-06261 // BID: 103475 // IVD: e2e9931f-39ab-11e9-af6a-000c29342cb1 // VULMON: CVE-2018-4844

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: e2e9931f-39ab-11e9-af6a-000c29342cb1 // CNVD: CNVD-2018-06261

AFFECTED PRODUCTS

vendor: siemens, model: simatic wincc oa ui, scope: lt, version: 3.15.10

Trust: 1.0

vendor: siemens, model: wincc oa mobile ui, scope: lt, version: 3.15.10 (android)

Trust: 0.8

vendor: siemens, model: wincc oa mobile ui, scope: lt, version: 3.15.10 (ios)

Trust: 0.8

vendor: siemens, model: simatic wincc oa ui for android, scope: lt, version: v3.15.10

Trust: 0.6

vendor: siemens, model: simatic wincc oa ui for ios, scope: lt, version: v3.15.10

Trust: 0.6

vendor: simatic wincc oa ui, model: -, scope: eq, version: *

Trust: 0.4

vendor: siemens, model: simatic wincc oa ui, scope: eq, version: 0

Trust: 0.3

vendor: siemens, model: simatic wincc oa ui, scope: ne, version: 3.15.10

Trust: 0.3

sources: IVD: e2e9931f-39ab-11e9-af6a-000c29342cb1 // CNVD: CNVD-2018-06261 // BID: 103475 // JVNDB: JVNDB-2018-003347 // NVD: CVE-2018-4844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4844
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4844
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-06261
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-722
value: MEDIUM

Trust: 0.6

IVD: e2e9931f-39ab-11e9-af6a-000c29342cb1
value: MEDIUM

Trust: 0.2

VULMON: CVE-2018-4844
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-4844
severity: LOW
baseScore: 3.8
vectorString: AV:A/AC:M/AU:S/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06261
severity: MEDIUM
baseScore: 5.3
vectorString: AV:A/AC:H/AU:N/C:C/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2e9931f-39ab-11e9-af6a-000c29342cb1
severity: MEDIUM
baseScore: 5.3
vectorString: AV:A/AC:H/AU:N/C:C/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-4844
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.5
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2018-4844
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: e2e9931f-39ab-11e9-af6a-000c29342cb1 // CNVD: CNVD-2018-06261 // VULMON: CVE-2018-4844 // JVNDB: JVNDB-2018-003347 // CNNVD: CNNVD-201803-722 // NVD: CVE-2018-4844

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.8

problemtype:CWE-269

Trust: 1.0

sources: JVNDB: JVNDB-2018-003347 // NVD: CVE-2018-4844

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201803-722

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-722

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003347

PATCH

title: SSA-822928, url: https://cert-portal.siemens.com/productcert/pdf/ssa-822928.pdf

Trust: 0.8

title: Siemens SIMATIC WinCC OA UI for Android and iOS access patches for bypassing vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/123057

Trust: 0.6

title: Siemens SIMATIC WinCC OA UI for Android and iOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79322

Trust: 0.6

title: -, url: https://github.com/zzzteph/zzzteph

Trust: 0.1

sources: CNVD: CNVD-2018-06261 // VULMON: CVE-2018-4844 // JVNDB: JVNDB-2018-003347 // CNNVD: CNNVD-201803-722

EXTERNAL IDS

db: NVD, id: CVE-2018-4844

Trust: 3.6

db: SIEMENS, id: SSA-822928

Trust: 2.6

db: BID, id: 103475

Trust: 2.6

db: ICS CERT, id: ICSA-18-081-01

Trust: 2.5

db: CNVD, id: CNVD-2018-06261

Trust: 0.8

db: CNNVD, id: CNNVD-201803-722

Trust: 0.8

db: JVNDB, id: JVNDB-2018-003347

Trust: 0.8

db: IVD, id: E2E9931F-39AB-11E9-AF6A-000C29342CB1

Trust: 0.2

db: VULMON, id: CVE-2018-4844

Trust: 0.1

sources: IVD: e2e9931f-39ab-11e9-af6a-000c29342cb1 // CNVD: CNVD-2018-06261 // VULMON: CVE-2018-4844 // BID: 103475 // JVNDB: JVNDB-2018-003347 // CNNVD: CNNVD-201803-722 // NVD: CVE-2018-4844

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-822928.pdf

Trust: 2.6

url:https://ics-cert.us-cert.gov/advisories/icsa-18-081-01

Trust: 2.6

url:http://www.securityfocus.com/bid/103475

Trust: 2.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4844

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-4844

Trust: 0.8

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/269.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/zzzteph/zzzteph

Trust: 0.1

sources: CNVD: CNVD-2018-06261 // VULMON: CVE-2018-4844 // BID: 103475 // JVNDB: JVNDB-2018-003347 // CNNVD: CNNVD-201803-722 // NVD: CVE-2018-4844

CREDITS

Alexander Bolshev from IOActive and Ivan Yushkevich from Embedi

Trust: 0.3

sources: BID: 103475

SOURCES

db: IVD, id: e2e9931f-39ab-11e9-af6a-000c29342cb1
db: CNVD, id: CNVD-2018-06261
db: VULMON, id: CVE-2018-4844
db: BID, id: 103475
db: JVNDB, id: JVNDB-2018-003347
db: CNNVD, id: CNNVD-201803-722
db: NVD, id: CVE-2018-4844

LAST UPDATE DATE

2024-08-14T15:13:12.282000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-06261, date: 2018-03-27T00:00:00
db: VULMON, id: CVE-2018-4844, date: 2019-10-09T00:00:00
db: BID, id: 103475, date: 2018-03-20T00:00:00
db: JVNDB, id: JVNDB-2018-003347, date: 2018-05-22T00:00:00
db: CNNVD, id: CNNVD-201803-722, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-4844, date: 2023-03-24T17:36:26.793

SOURCES RELEASE DATE

db: IVD, id: e2e9931f-39ab-11e9-af6a-000c29342cb1, date: 2018-03-26T00:00:00
db: CNVD, id: CNVD-2018-06261, date: 2018-03-26T00:00:00
db: VULMON, id: CVE-2018-4844, date: 2018-03-20T00:00:00
db: BID, id: 103475, date: 2018-03-20T00:00:00
db: JVNDB, id: JVNDB-2018-003347, date: 2018-05-22T00:00:00
db: CNNVD, id: CNNVD-201803-722, date: 2018-03-21T00:00:00
db: NVD, id: CVE-2018-4844, date: 2018-03-20T14:29:00.477