Sm@rtClient Android Vulnerability Fixed

Wednesday, July 22, 2015 @ 11:07 AM gHale


Siemens created a new version to fix a password storage vulnerability in its Sm@rtClient Android application, according to a report on ICS-CERT.

This locally exploitable vulnerability came straight to Siemens by Karsten Sohr from Universität Bremen and Stephan Huber from Fraunhofer SIT.

RELATED STORIES
RuggedCom ROS Fixes POODLE
Mitigation Plan for Infusion System Hole
Eaton Fixes Power System Hole
Siemens Fixes Authentication Bypass Hole

Siemens said the vulnerability affects the following versions of SIMATIC WinCC Sm@rtClient:
• SIMATIC WinCC Sm@rtClient for Android: All versions prior to V01.00.01.00
• SIMATIC WinCC Sm@rtClient Lite for Android: All versions prior to V01.00.01.00

A local attacker may be able to exploit this vulnerability to retrieve Sm@rtServer-specific passwords stored on the mobile device.

The affected products, SIMATIC WinCC Sm@rtClient applications, in combination with the SIMATIC WinCC Sm@rtServer, allow remote mobile operation and observation of SIMATIC HMI systems.

The SIMATIC WinCC Sm@rtClient applications see action globally across several sectors including chemical, energy, food and agriculture, and water and wastewater systems.

The existing storage technique for Sm@rtServer-specific passwords could allow attackers to extract the password if local access to the mobile device was available.

CVE-2015-5084 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 2.1.

No known public exploits specifically target this vulnerability. An attacker with a low skill would be able to exploit this vulnerability.

Siemens has released SIMATIC WinCC Sm@rtClient V01.00.01.00 for Android, which fixes these vulnerabilities and recommends updating as soon as possible.

• The new version of Sm@rtClient is available in Google’s Play Store

• The new version of Sm@rtClient for U.S. customers is available in Google’s Play Store

• The new version of Sm@rtClient Lite is available in Google’s Play Store

• The new version of Sm@rtClient Lite for U.S. customers is available in Google’s Play Store

For more information on these vulnerabilities and detailed instructions, see Siemens Security Advisory SSA- 267489.