CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6871
https://notcve.org/view.php?id=CVE-2017-6871
08 Aug 2017 — A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions. Se ha descubierto una vulnerabilidad en Siemens SIMATIC WinCC Sm@rtClient para Android (todas las versiones anteriores a la V1.0.2.2) y SIMATIC WinCC ... • http://www.securityfocus.com/bid/99582 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5084
https://notcve.org/view.php?id=CVE-2015-5084
03 Aug 2015 — The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad en Siemens SIMATIC en las aplicaciones WinCC Sm@rtClient y Sm@rtClient Lite en las versiones anteriores a la 01.00.01.00 para Android, no almacena correctamente las contraseñas, lo cual permite a atacantes físicamente próximos obtener información sensible a tr... • http://www.securityfocus.com/bid/75981 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •