16 January 2015
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2015.0006 A number of vulnerabilities have been identified in SIMATIC WinCC Sm@rtClient iOS App 16 January 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: SIMATIC WinCC Sm@rtClient Operating System: Apple iOS Impact/Access: Access Privileged Data -- Console/Physical Unauthorised Access -- Console/Physical Resolution: Patch/Upgrade CVE Names: CVE-2014-5233 CVE-2014-5232 CVE-2014-5231 Member content until: Sunday, February 15 2015 OVERVIEW A number of vulnerabilities have been identified in SIMATIC WinCC Sm@rtClient iOS App prior to version 1.0.2.  IMPACT The vendor has provided the following details regarding these vulnerabilities: "Vulnerability 1 (CVE-2014-5231) The existing storage mechanism for the application specific password could allow attackers to extract the password and gain access to the application if local access is available. CVSS Base Score 4.6 CVSS Temporal Score 3.6 CVSS Overall Score 3.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) Vulnerability 2 (CVE-2014-5232) In case an application specific password is set, the user would not be prompted to enter the password if the App was resumed from the background. CVSS Base Score 4.6 CVSS Temporal Score 3.6 CVSS Overall Score 3.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) Vulnerability 3 (CVE-2014-5233) The implemented mechanism to process Sm@rtServer credentials could allow attackers to extract the credentials if local access is available. CVSS Base Score 4.6 CVSS Temporal Score 3.6 CVSS Overall Score 3.6 (AV:L/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)"  MITIGATION The vendor recommends updating the application to correct these issues.  REFERENCES  SSA-311299: Vulnerabilities in iOS App SIMATIC WinCC Sm@rtClient http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311299.pdf AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVLh7vxLndAQH1ShLAQIQig/+J2ObC2J1jLw3TaiXlmaZw86y+OITobJk fefLvGF8UCWKDO7SY6uY7L+LkDowX29kP1doR5i9qlewXH8y2akaXErIyM/MBYfZ fNQ2YDbcEdLiDGJlkb/SkJS+B6vf73WyIxvcO+0mY1dpUlZNUOs2+2vVb4/tiwHL tU1zmOliKcs1gUUjfORAX5AYRK/fTcnV0ZJ/70Q6KrFu8JRH9Fq29wGRxXODT6SG 8BqGcnYQfOmVOB1RnnsMwONQiyP8OMN2CZzkW/CEpXqrQv5lIyaXZ+pgLvbK/cqQ LY4vz9OTDGfoC6Tnc8CDAse9sdyxSvkqczjx8uKD0hJOnSkpUKhLVNgieD63sW2j D7+hevB9fbmE/j6lwqWrKvUUeWMoePAY/DJFZ5zsZn4COczr3TzN5CjOkdvdwoPw Fl7AkjOQNYQr0HmQz8J/18DCIrxf9ySGQyG1W7R+cL2z2+W/N5cAGQ9TbtNNIzpQ HnxbJ1UL0Yq9rBZnaP+ZeZ9sRjCRerLyvzFpKLGnyYQM1/Axo7Ermtb/5O7HvJRw mKfwplpOb0p/AKgYyFWTpXMR6Vw/V5gsqqChRn61bagMzH4nqzdVI46tYoQS5/0z CcG6LXOn59zk69aAZOjA8mVRVvdR137Mp1b1J7fwJb+MW/eV+opDNFUmbgGT1CGV crVfBYXWck0= =hRA+ -----END PGP SIGNATURE-----