SSA-822928 (Last Update: 2018-03-20): Access Control Vulnerability in SIMATIC WinCC OA UI Mobile App for Android and iOS


2018-03-20 00:00:00


The latest update for the Android and iOS app SIMATIC WinCC OA UI fixes a security vulnerability that could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The precondition for this scenario is that an attacker tricks an app user into connecting to an attacker-controlled WinCC OA server.