You are here

Siemens SIMATIC WinCC OA UI Mobile App (ICSA-18-081-01) – Product Used in the Water and Wastewater and Energy Sectors

Siemens SIMATIC WinCC OA UI Mobile App (ICSA-18-081-01) – Product Used in the Water and Wastewater and Energy Sectors

Created: Thursday, March 22, 2018 - 15:35
Categories:
Cybersecurity

The NCCIC has released an advisory on a vulnerability in Siemens SIMATIC WinCC OA UI Mobile App. For both Android and Apple users, all versions prior to V3.15.10 are affected. This vulnerability could be exploited by an attacker who tricks an app user to connect to a malicious WinCC OA server. Successful exploitation of this vulnerability could allow an attacker to read and write data from and to the app’s project cache folder. Siemens has provided updates to mitigate this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability. ICS-CERT.