Lucene search

CVE-2018-4844

🗓️ 20 Mar 2018 14:00:29Reported by siemensType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 38 Views

A vulnerability in SIMATIC WinCC OA UI for Android and iOS allows unauthorized read/write access to HMI project cache folders on the same device. Exploitation requires user interaction and access to the app's folder

Reporter	Title	Published	Views	Family All 4
ICS	ICSA-18-081-01 Siemens SIMATIC WinCC OA UI Mobile App	20 Mar 201800:00	–	ics
Cvelist	CVE-2018-4844	20 Mar 201814:00	–	cvelist
Prion	Design/Logic Flaw	20 Mar 201814:29	–	prion
NVD	CVE-2018-4844	20 Mar 201814:29	–	nvd

Nvd

Node

siemens simatic_wincc_oa_uiRange<3.15.10android

siemens simatic_wincc_oa_uiRange<3.15.10iphone_os

[
  {
    "product": "SIMATIC WinCC OA UI for Android, SIMATIC WinCC OA UI for iOS",
    "vendor": "Siemens AG",
    "versions": [
      {
        "status": "affected",
        "version": "SIMATIC WinCC OA UI for Android : All versions < V3.15.10"
      },
      {
        "status": "affected",
        "version": "SIMATIC WinCC OA UI for iOS : All versions < V3.15.10"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/103475
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-822928.pdf
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSA-18-081-01

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Mar 2018 14:29Current

5.9Medium risk

Vulners AI Score5.9

CVSS23.8

CVSS36.7

EPSS0.00044

simatic wincc oa android ios vulnerability security hmi cache folder sandbox exploit siemens nvd