OTPulse

Siemens SIMATIC WinCC Sm@rtClient iOS Application Authentication Vulnerabilities

Low Risk | ICS-CERT ICSA-15-013-01 | Oct 16, 2015
Summary

SIMATIC WinCC Sm@rtClient for iOS contains authentication weaknesses in how it stores and manages credentials (CWE-522: Insufficient Protection of Credentials, CWE-287: Improper Authentication). The application stores authentication information in a manner that allows extraction by an attacker with physical access to the device. Both SIMATIC WinCC Sm@rtClient and SIMATIC WinCC Sm@rtClient Lite for iOS versions prior to V1.0.2 are affected.

What this means
What could happen
An attacker who gains access to the iOS device running WinCC Sm@rtClient could read stored authentication credentials and potentially authenticate to the WinCC SCADA system without proper authorization, allowing unauthorized monitoring or control of industrial processes.
Who's at risk
Water utilities and electric utilities with SCADA systems using Siemens WinCC HMI software should be concerned about this issue. This affects engineering workstations and field operator devices running the iOS Sm@rtClient or Sm@rtClient Lite applications, which are typically used for remote HMI access and process monitoring from mobile devices.
How it could be exploited
An attacker with physical access to an iOS device running the vulnerable application can extract stored authentication credentials from the device's memory or storage. The attacker can then use these credentials to directly authenticate to the WinCC SCADA server, bypassing normal access controls.
Prerequisites
  • Physical access to the iOS device running SIMATIC WinCC Sm@rtClient or Sm@rtClient Lite
  • The application must have stored authentication credentials on the device
default credentials stored insecurely | no authentication validation | low complexity exploitation | no patch available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
SIMATIC WinCC Sm@rtClient: <V1.0.2 | <V1.0.2 | 1.0.2
SIMATIC WinCC Sm@rtClient Lite for iOS: <V1.0.2 | <V1.0.2 | 1.0.2
Remediation & Mitigation
Do now
HARDENING: Enforce device-level security requirements such as passcode locks, encryption, and remote wipe capability
HARDENING: Restrict distribution of WinCC Sm@rtClient to a limited set of authorized engineering and operations staff with strong device security posture
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade to SIMATIC WinCC Sm@rtClient version 1.0.2 or later when available
Long-term hardening
HARDENING: Implement physical security controls for mobile devices running WinCC Sm@rtClient (e.g., secure storage, restricted access)
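
The remediation items above can be checked against a mobile device inventory. The following is an added example, not part of the advisory and not Siemens or OTPulse code: it flags devices that run an affected app below 1.0.2 or lack a passcode lock or remote wipe. The CSV column names, the app names as the inventory reports them, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Fixed version comes from the advisory; app names as an inventory might
# report them are an assumption.
AFFECTED_APPS = {"SIMATIC WinCC Sm@rtClient", "SIMATIC WinCC Sm@rtClient Lite"}
FIXED_VERSION = (1, 0, 2)

# Constructed sample export; column names are hypothetical, not a real MDM schema.
SAMPLE_EXPORT = """device_id,owner,app_name,app_version,passcode_set,remote_wipe
ipad-001,ops-a,SIMATIC WinCC Sm@rtClient,V1.0.1,yes,yes
ipad-002,eng-b,SIMATIC WinCC Sm@rtClient Lite,1.0.2,no,yes
iphone-003,ops-c,SIMATIC WinCC Sm@rtClient,1.0,yes,no
ipad-004,eng-d,SIMATIC WinCC Sm@rtClient,1.1.0,yes,yes
ipad-005,ops-e,Unrelated App,0.9,no,no
"""

def parse_version(text):
    """Turn 'V1.0.1' or '1.0' into a 3-tuple, padding missing parts with 0."""
    parts = text.strip().lstrip("Vv").split(".")
    nums = [int(p) for p in parts[:3]]  # raises ValueError on e.g. '1.0.2-beta'
    return tuple(nums + [0] * (3 - len(nums)))

def audit(export_text):
    """Return {device_id: [findings]} for devices that need action."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["app_name"].strip() not in AFFECTED_APPS:
            continue
        issues = []
        try:
            if parse_version(row["app_version"]) < FIXED_VERSION:
                issues.append("upgrade to 1.0.2 or later")
        except ValueError:
            # Do not silently pass a version string we cannot compare.
            issues.append("unparseable version, check manually")
        if row["passcode_set"].strip().lower() != "yes":
            issues.append("no passcode lock")
        if row["remote_wipe"].strip().lower() != "yes":
            issues.append("remote wipe not enabled")
        if issues:
            findings[row["device_id"]] = issues
    return findings

if __name__ == "__main__":
    for device, issues in audit(SAMPLE_EXPORT).items():
        print(f"{device}: {'; '.join(issues)}")
```

A patched device can still appear in the findings: the hardening checks run regardless of app version, since the advisory lists them as separate actions.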