SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Siemens SIMATIC WinCC Vendors:   Siemens
Siemens SIMATIC WinCC Sm@rtClient for Android Lets Local Users Obtain Passwords
SecurityTracker Alert ID:  1033021
SecurityTracker URL:  http://securitytracker.com/id/1033021
CVE Reference:   CVE-2015-5084   (Links to External Site)
Date:  Jul 22 2015
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Sm@rtClient for Android prior to V01.00.01.00
Description:   A vulnerability was reported in Siemens SIMATIC WinCC Sm@rtClient for Android. A local user can obtain passwords on the target system.

A local user can exploit a flaw in the storage of Sm@rtServer-specific passwords to obtain the passwords.

SIMATIC WinCC Sm@rtClient for Android and Sm@rtClient Lite for Android are affected.

Karsten Sohr from Universitat Bremen and Stephan Huber from Fraunhofer SIT reported this vulnerability.
Impact:   A local user can obtain Sm@rtServer-specific passwords on the target system.
Solution:   The vendor has issued a fix (SIMATIC WinCC Sm@rtClient V01.00.01.00 for Android).

The vendor's advisory is available at:

http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf
Vendor URL:  www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf (Links to External Site)
Cause:   Access control error
Underlying OS:  Android

Message History:   None.

 Source Message Contents


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC