admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-4847.md

19 lines
977 B
Markdown
Raw Normal View History

Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00
### [CVE-2018-4847](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4847)
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinCC%20OA%20Operator%20iOS%20App&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-538%3A%20File%20and%20Directory%20Information%20Exposure&color=brighgreen)
### Description
A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/zzzteph/zzzteph
Reference in New Issue Copy Permalink