CVE-2017-6871

Severity Score

5.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.

Se ha descubierto una vulnerabilidad en Siemens SIMATIC WinCC Sm@rtClient para Android (todas las versiones anteriores a la V1.0.2.2) y SIMATIC WinCC Sm@rtClient para Android Lite (todas las versiones anteriores a la V1.0.2.2). Un atacante con acceso físico a un dispositivo móvil desbloqueado que esté ejecutando la app afectada podría eludir el mecanismo de autenticación de la app bajo ciertas condiciones.

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-03-13 CVE Reserved
2017-08-08 CVE Published
2024-08-05 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-288: Authentication Bypass Using an Alternate Path or Channel

CAPEC

References (2)

URL	Tag	Source
http://www.securityfocus.com/bid/99582	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"		Simatic Wincc Sm\@rtclient Search vendor "Siemens" for product "Simatic Wincc Sm\@rtclient"				<= 1.0.2.1 Search vendor "Siemens" for product "Simatic Wincc Sm\@rtclient" and version " <= 1.0.2.1"		android		Affected
Siemens Search vendor "Siemens"		Simatic Wincc Sm\@rtclient Lite Search vendor "Siemens" for product "Simatic Wincc Sm\@rtclient Lite"				<= 1.0.2.1 Search vendor "Siemens" for product "Simatic Wincc Sm\@rtclient Lite" and version " <= 1.0.2.1"		android		Affected