How severe is CVE-2018-4844?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.7 out of 10.

What type of vulnerability is CVE-2018-4844?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2018-4844

MEDIUM Year: 2018

CVSS v3 Score

6.7

Medium

CVSS v2 Score

3.8

Low

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Insufficient limitation of CONTROL script capabilities could allow read and write access from one HMI project cache folder to other HMI project cache folders within the app's sandbox on the same mobile device. This includes HMI project cache folders of other configured WinCC OA servers. The security vulnerability could be exploited by an attacker who tricks an app user to connect to an attacker-controlled WinCC OA server. Successful exploitation requires user interaction and read/write access to the app's folder on a mobile device. The vulnerability could allow reading data from and writing data to the app's folder. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.

CVE-2009-5150

MEDIUM

CVSS:6.7(Medium)

Absolute Computrace Agent V80.845 and V80.866 does not have a digital signature for the configuration block, which allows attackers to set up communication with a web site other than the intended sear...

CWE-2842009

CVE-2009-5151

MEDIUM

CVSS:6.7(Medium)

The stub component of Absolute Computrace Agent V70.785 executes code from a disk's inter-partition space without requiring a digital signature for that code, which allows attackers to execute code on...

CWE-2842009

CVE-2015-6851

MEDIUM

CVSS:6.7(Medium)

EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector.

CWE-2842015

CVE-2016-8793

MEDIUM

CVSS:6.7(Medium)

Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versi...

CWE-2842016

CVE-2018-0428

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate wit...

CWE-2842018

CVE-2018-15371

MEDIUM

CVSS:6.7(Medium)

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of a...

CWE-2842018

CVE-2018-4844

Vulnerability Description

Related Vulnerabilities

CVE-2009-5150

CVE-2009-5151

CVE-2015-6851

CVE-2016-8793

CVE-2018-0428

CVE-2018-15371