Siemens SIMATIC WinCC OA Operator IOS App (Update A)
Monitor4ICS-CERT ICSA-18-109-01Apr 19, 2018
Attack VectorPhysical
Auth RequiredLow
ComplexityHigh
User InteractionNone needed
Summary
The SIMATIC WinCC OA Operator iOS App stores sensitive data (such as passwords and configuration information) in the app directory in a way that is accessible if an attacker gains physical access to an unlocked device. Successful exploitation allows reading sensitive information that could be used to gain unauthorized access to the WinCC OA control system. This vulnerability affects all versions of the app prior to version 1.4.
What this means
What could happen
An attacker with physical access to an unlocked mobile device running this app could extract sensitive data (such as stored credentials or configuration information) from the app's storage directory. This could enable further unauthorized access to the WinCC OA control system.
Who's at risk
Water and electric utility operations, refineries, and other industrial facilities using Siemens SIMATIC WinCC OA (the supervisory control and data acquisition platform) for monitoring and control. This affects operators and engineers who use the iOS app on mobile devices to access WinCC OA systems remotely or from control rooms.
How it could be exploited
An attacker with physical access to a mobile device running the SIMATIC WinCC OA Operator iOS App can access the app's directory on the device filesystem to read stored sensitive data. This requires the device to be unlocked or the attacker to bypass iOS device security.
Prerequisites
- Physical access to an iOS device running the vulnerable app
- Device must be unlocked or iOS security must be bypassed
- App's storage directory must contain sensitive cached data (e.g., saved passwords or session tokens)
Affects sensitive data exposure (credentials and configuration)Requires physical device access (limits attack scope)No public exploits availableNot remotely exploitableLow severity overall due to physical access requirement
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
SIMATIC WinCC OA Operator iOS App: All< 1.41.4
Remediation & Mitigation
0/5
Do now
0/3WORKAROUNDDisable password save feature in the app and logout after every work session
HARDENINGDo not use this app in high-security control areas
HARDENINGEnforce device-level security policies: require strong device passcodes, enable auto-lock, and restrict physical access to engineering mobile devices
Schedule — requires maintenance window
0/1Patching may require device reboot — plan for process interruption
HOTFIXUpdate SIMATIC WinCC OA Operator iOS App to version 1.4 or later
Long-term hardening
0/1HARDENINGFollow Siemens SIMATIC WinCC OA Security Guideline for environment hardening
CVEs (1)
↑↓ Navigate · Esc Close
API:
/api/v1/advisories/c53c9464-3926-41ee-9df3-5e837cd009cf