Siemens Security Advisory by Siemens ProductCERT SSA-267489: Vulnerability in Android App Sm@rtClient Publication Date Last Update Current Version CVSS Overall Score 2015-07-21 2015-07-21 V1.0 1.6 Summary: The latest update of the SIMATIC WinCC Sm@rtClient Android App fixes a vulnerability which could allow attackers to extract Sm@rtServer credentials from the Sm@rtClient Android App under certain conditions. AFFECTED PRODUCTS · SIMATIC WinCC Sm@rtClient for Android: All versions < V01.00.01.00 · SIMATIC WinCC Sm@rtClient Lite for Android: All versions < V01.00.01.00 DESCRIPTION The SIMATIC WinCC Sm@rtClient App, in combination with the SIMATIC WinCC Sm@rtServer, allows remote operation and observation of SIMATIC HMI systems. The vulnerability resolved with this update is discussed below. VULNERABILITY CLASSIFICATION The vulnerability classification has been performed by using the CVSSv2 scoring system (http://www.first.org/cvss/). The CVSS environmental score is specific to the customer's environment and will impact the overall CVSS score. The environmental score should therefore be individually defined by the customer to accomplish final scoring. Vulnerability Description (CVE-2015-5084) The existing storage technique for Sm@rtServer-specific passwords could allow attackers to extract the password if local access to the mobile device was available. CVSS Base Score CVSS Temporal Score CVSS Overall Score 2.1 1.6 1.6 (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C) Mitigating factors Attackers could only take advantage of the above mentioned vulnerability if they had local access to the attacked device. SOLUTION Siemens has released SIMATIC WinCC Sm@rtClient V01.00.01.00 for Android [1, 2, 3, 4] which fixes this vulnerability and recommends updating as soon as possible. It is advised to configure the environment according to operational guidelines [5]. ACKNOWLEDGEMENT Siemens thanks Karsten Sohr from Universität Bremen and Stephan Huber from Fraunhofer SIT for coordinated disclosure. SSA-267489 © Siemens AG 2015 Page 1 of 2 Siemens Security Advisory by Siemens ProductCERT ADDITIONAL RESOURCES [1] The new version of Sm@rtClient can be obtained via Google’s Play Store: https://play.google.com/store/apps/details?id=com.siemens.smartclient [2] The new version of Sm@rtClient for US customers can be obtained via Google’s Play Store: https://play.google.com/store/apps/details?id=com.siemens.smartclient_us [3] The new version of Sm@rtClient Lite can be obtained via Google’s Play Store: https://play.google.com/store/apps/details?id=com.siemens.smartclient_lite [4] The new version of Sm@rtClient Lite for US customers can be obtained via Google’s Play Store: https://play.google.com/store/apps/details?id=com.siemens.smartclient_us_lite [5] An overview of the operational guidelines for Industrial Security (with the cell protection concept): https://www.siemens.com/cert/operational-guidelines-industrial-security [6] Information about Industrial Security by Siemens: http://www.siemens.com/industrialsecurity [7] For further inquiries on vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: http://www.siemens.com/cert/advisories HISTORY DATA V1.0 (2015-07-21): Publication Date DISCLAIMER See: http://www.siemens.com/terms_of_use SSA-267489 © Siemens AG 2015 Page 2 of 2