Category:   Application (Generic)  >   Siemens SIMATIC WinCC
Vendors:   Siemens
Siemens SIMATIC WinCC iOS App Lets Local Users Obtain Passwords and Gain Elevated Privileges
SecurityTracker Alert ID:  1031546
SecurityTracker URL:
CVE Reference:   CVE-2014-5231, CVE-2014-5232, CVE-2014-5233
Date:  Jan 15 2015
Impact:   Disclosure of authentication information, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): iOS app prior to 1.0.2
Description:   A vulnerability was reported in the Siemens SIMATIC WinCC iOS app. A local user can obtain passwords. A local user can obtain elevated privileges on the target system.

A local user can obtain the application password [CVE-2014-5231].

When an application-specific password is set, the application does not require the password when the application is resumed from the background [CVE-2014-5232].

A local user can obtain Sm@rtServer credentials [CVE-2014-5233].

Kim Schlyter, Seyton Bradford, and Richard Warren from FortConsult (NCC Group) reported these vulnerabilities.

Impact:   A local user can obtain passwords.

A local user can bypass the password prompt to gain access to the application.

Solution:   The vendor has issued a fix (1.0.2).

The vendor's advisory is available at:

Vendor URL:
Cause:   Access control error, Authentication error
Underlying OS:  Apple (iOS)

Message History:   None.
