Details of VAR-201804-1649

ID

VAR-201804-1649

CVE

CVE-2018-4847

TITLE

SIMATIC WinCC OA Operator iOS Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: e2ec2b31-39ab-11e9-96eb-000c29342cb1 // CNVD: CNVD-2018-07848

DESCRIPTION

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue. Allows an attacker to read unencrypted data from the application's directory. A prerequisite for this is that an attacker can physically access the mobile device. Attackers with physical access to device can exploit this issue to obtain sensitive information that may aid in further attacks

Trust: 2.7

sources: NVD: CVE-2018-4847 // JVNDB: JVNDB-2018-004493 // CNVD: CNVD-2018-07848 // BID: 103941 // IVD: e2ec2b31-39ab-11e9-96eb-000c29342cb1 // VULMON: CVE-2018-4847

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2ec2b31-39ab-11e9-96eb-000c29342cb1 // CNVD: CNVD-2018-07848

AFFECTED PRODUCTS

vendor:	siemens	model:	simatic wincc oa operator	scope:	eq	version:	-	Trust: 1.6
vendor:	siemens	model:	simatic wincc oa operator ios app	scope:	eq	version:	-	Trust: 0.8
vendor:	siemens	model:	simatic wincc oa operator ios	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	simatic wincc oa operator ios app	scope:	eq	version:	0	Trust: 0.3
vendor:	simatic wincc oa operator	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2ec2b31-39ab-11e9-96eb-000c29342cb1 // CNVD: CNVD-2018-07848 // BID: 103941 // JVNDB: JVNDB-2018-004493 // CNNVD: CNNVD-201804-1344 // NVD: CVE-2018-4847

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-4847
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-4847
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-07848
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201804-1344
value:	MEDIUM
Trust: 0.6
IVD:	e2ec2b31-39ab-11e9-96eb-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULMON:	CVE-2018-4847
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-4847
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-07848
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ec2b31-39ab-11e9-96eb-000c29342cb1
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:N/AC:H/AU:S/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-4847
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2ec2b31-39ab-11e9-96eb-000c29342cb1 // CNVD: CNVD-2018-07848 // VULMON: CVE-2018-4847 // JVNDB: JVNDB-2018-004493 // CNNVD: CNNVD-201804-1344 // NVD: CVE-2018-4847

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.0
problemtype:	CWE-538	Trust: 1.0
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2018-004493 // NVD: CVE-2018-4847

THREAT TYPE

local

Trust: 0.9

sources: BID: 103941 // CNNVD: CNNVD-201804-1344

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-1344

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004493

PATCH

title:	SSA-597741	url:	https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf	Trust: 0.8
title:	Patch for SIMATIC WinCC OA Operator iOS Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/125999	Trust: 0.6
title:	Siemens SIMATIC WinCC OA Operator iOS App Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79630	Trust: 0.6
title:	-	url:	https://github.com/zzzteph/zzzteph	Trust: 0.1

sources: CNVD: CNVD-2018-07848 // VULMON: CVE-2018-4847 // JVNDB: JVNDB-2018-004493 // CNNVD: CNNVD-201804-1344

EXTERNAL IDS

db:	NVD	id:	CVE-2018-4847	Trust: 3.6
db:	SIEMENS	id:	SSA-597741	Trust: 2.6
db:	BID	id:	103941	Trust: 2.0
db:	ICS CERT	id:	ICSA-18-109-01	Trust: 1.2
db:	CNVD	id:	CNVD-2018-07848	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1344	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004493	Trust: 0.8
db:	IVD	id:	E2EC2B31-39AB-11E9-96EB-000C29342CB1	Trust: 0.2
db:	VULMON	id:	CVE-2018-4847	Trust: 0.1

sources: IVD: e2ec2b31-39ab-11e9-96eb-000c29342cb1 // CNVD: CNVD-2018-07848 // VULMON: CVE-2018-4847 // BID: 103941 // JVNDB: JVNDB-2018-004493 // CNNVD: CNNVD-201804-1344 // NVD: CVE-2018-4847

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-597741.pdf	Trust: 2.6
url:	http://www.securityfocus.com/bid/103941	Trust: 1.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-109-01	Trust: 1.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4847	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-4847	Trust: 0.8
url:	http://subscriber.communications.siemens.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/311.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/zzzteph/zzzteph	Trust: 0.1

sources: CNVD: CNVD-2018-07848 // VULMON: CVE-2018-4847 // BID: 103941 // JVNDB: JVNDB-2018-004493 // CNNVD: CNNVD-201804-1344 // NVD: CVE-2018-4847

CREDITS

Alexander Bolshev of IOActive and Ivan Yushkevich of Embedi.

Trust: 0.3

sources: BID: 103941

SOURCES

db:	IVD	id:	e2ec2b31-39ab-11e9-96eb-000c29342cb1
db:	CNVD	id:	CNVD-2018-07848
db:	VULMON	id:	CVE-2018-4847
db:	BID	id:	103941
db:	JVNDB	id:	JVNDB-2018-004493
db:	CNNVD	id:	CNNVD-201804-1344
db:	NVD	id:	CVE-2018-4847

LAST UPDATE DATE

2024-11-23T23:05:07.879000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-07848	date:	2018-04-19T00:00:00
db:	VULMON	id:	CVE-2018-4847	date:	2019-10-03T00:00:00
db:	BID	id:	103941	date:	2018-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-004493	date:	2018-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201804-1344	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-4847	date:	2024-11-21T04:07:34.623

SOURCES RELEASE DATE

db:	IVD	id:	e2ec2b31-39ab-11e9-96eb-000c29342cb1	date:	2018-04-19T00:00:00
db:	CNVD	id:	CNVD-2018-07848	date:	2018-04-19T00:00:00
db:	VULMON	id:	CVE-2018-4847	date:	2018-04-23T00:00:00
db:	BID	id:	103941	date:	2018-04-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-004493	date:	2018-06-21T00:00:00
db:	CNNVD	id:	CNNVD-201804-1344	date:	2018-04-24T00:00:00
db:	NVD	id:	CVE-2018-4847	date:	2018-04-23T16:29:00.213