ICSA-18-081-01 Siemens SIMATIC WinCC OA UI Mobile App
Monitor5.1ICS-CERT ICSA-18-081-01Mar 20, 2018
Attack VectorAdjacent
Auth RequiredLow
ComplexityHigh
User InteractionRequired
Summary
SIMATIC WinCC OA UI for Android and iOS prior to V3.15.10 contains an improper permissions or data protection vulnerability (CWE-284) that allows an attacker on the local network with valid engineering credentials to access sensitive data displayed or stored by the app, including potentially process information, credentials, or authentication tokens. The app handles sensitive data in a way that can be accessed by other applications or network-adjacent attackers under certain conditions.
What this means
What could happen
An attacker with local network access and valid engineering credentials could steal sensitive data from the mobile app, such as passwords, authentication tokens, or process information displayed on the screen. Data integrity could also be compromised through app manipulation.
Who's at risk
Plant engineers and operators using the SIMATIC WinCC OA UI mobile app on Android or iOS devices to remotely monitor or control Siemens automation systems. This affects any water utility, power plant, manufacturing facility, or other industrial site that relies on WinCC OA for SCADA/supervisory control and uses the mobile interface for remote operations.
How it could be exploited
An attacker must be on the same local network (WiFi or adjacent subnet) as the mobile device running the app and must have valid engineering workstation credentials. The attacker exploits a permissions or data handling flaw that requires user interaction with the mobile app to trigger the exposure. Once exploited, the attacker gains access to sensitive information stored or displayed by the app.
Prerequisites
- Local network access (same WiFi or adjacent network segment)
- Valid engineering workstation credentials
- User interaction with the mobile app required
- Vulnerable version of the app installed (WinCC OA UI for Android or iOS prior to V3.15.10)
Low attack complexityRequires local network accessRequires valid engineering credentialsRequires user interactionMobile app deployed in field or remote locations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2)
2 with fix
ProductAffected VersionsFix Status
SIMATIC WinCC OA UI for Android<V3.15.103.15.10
SIMATIC WinCC OA UI for iOS<V3.15.10V3.15.10
Remediation & Mitigation
0/4
Schedule — requires maintenance window
0/2Patching may require device reboot — plan for process interruption
SIMATIC WinCC OA UI for Android
HOTFIXUpdate SIMATIC WinCC OA UI for Android to V3.15.10 or later via Google Play Store
SIMATIC WinCC OA UI for iOS
HOTFIXUpdate SIMATIC WinCC OA UI for iOS to V3.15.10 or later via Apple App Store
Long-term hardening
0/2HARDENINGRestrict network access to the WinCC OA server from untrusted WiFi networks
HARDENINGImplement network segmentation to isolate engineering workstations and mobile devices from guest or general IT networks
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/96210dda-5321-4f63-aef3-b44849d96faf