CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6870
https://notcve.org/view.php?id=CVE-2017-6870
08 Aug 2017 — A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack. Se ha descubierto una vulnerabilidad en Siemens SIMATIC WinCC Sm@rtClient para Android (todas las versiones anteriores a la V1.0.2.2). La implementación del protocolo TLS existente podría permitir que un atacante lea y modifique datos en ... • http://www.securityfocus.com/bid/99582 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6871
https://notcve.org/view.php?id=CVE-2017-6871
08 Aug 2017 — A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions. Se ha descubierto una vulnerabilidad en Siemens SIMATIC WinCC Sm@rtClient para Android (todas las versiones anteriores a la V1.0.2.2) y SIMATIC WinCC ... • http://www.securityfocus.com/bid/99582 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5084
https://notcve.org/view.php?id=CVE-2015-5084
03 Aug 2015 — The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad en Siemens SIMATIC en las aplicaciones WinCC Sm@rtClient y Sm@rtClient Lite en las versiones anteriores a la 01.00.01.00 para Android, no almacena correctamente las contraseñas, lo cual permite a atacantes físicamente próximos obtener información sensible a tr... • http://www.securityfocus.com/bid/75981 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5231
https://notcve.org/view.php?id=CVE-2014-5231
14 Jan 2015 — The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors. La aplicación Siemens SIMATIC WinCC Sm@rtClient anterior a 1.0.2 para iOS permite a atacantes físicamente próximos descubrir las credenciales del almacenamiento a través de vectores sin especificar • http://www.securitytracker.com/id/1031546 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5232
https://notcve.org/view.php?id=CVE-2014-5232
14 Jan 2015 — The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. La aplicación Siemens SIMATIC WinCC Sm@rtClient anterior a 1.0.2 para iOS permite a usuarios locales evadir el requerimiento de la contraseña de la aplicación mediante el aprovechamiento del funcionamiento de la aplicación en el estado de segundo plano. • http://www.securitytracker.com/id/1031546 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5233
https://notcve.org/view.php?id=CVE-2014-5233
14 Jan 2015 — The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism. La aplicación Siemens SIMATIC WinCC Sm@rtClient anterior a 1.0.2 para iOS permite a atacantes físicamente próximos descubrir las credenciales de Sm@rtServer mediante el aprovechamiento de un error en el mecanismo del procesamiento de credenciales. • http://www.securitytracker.com/id/1031546 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •