Siemens SIMATIC WinCC Sm@rtClient for Android Lets Local Users Obtain Passwords
|
SecurityTracker Alert ID: 1033021
SecurityTracker URL: http://securitytracker.com/id/1033021
|
CVE Reference: CVE-2015-5084
|
Date: Jul 22 2015
|
Impact:
Disclosure of authentication information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): Sm@rtClient for Android prior to V01.00.01.00
|
Description:
A vulnerability was reported in Siemens SIMATIC WinCC Sm@rtClient for Android. A local user can obtain passwords on the target system.
A local user can exploit a flaw in the storage of Sm@rtServer-specific passwords to obtain the passwords.
SIMATIC WinCC Sm@rtClient for Android and Sm@rtClient Lite for Android are affected.
Karsten Sohr from Universität Bremen and Stephan Huber from Fraunhofer SIT reported this vulnerability.
|
Impact:
A local user can obtain Sm@rtServer-specific passwords on the target system.
|
Solution:
The vendor has issued a fix (SIMATIC WinCC Sm@rtClient V01.00.01.00 for Android).
The vendor's advisory is available at:
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf
|
Vendor URL: www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf
|
Cause:
Access control error
|
Underlying OS: Android
|
Message History:
None.