CVE-2017-6871
N/A
N/A
Summary
A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android | SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android | affected |
Weaknesses
- CWE-288: CWE-288: Authentication Bypass Using an Alternate Path or Channel
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/99582
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf
References
- http://www.securityfocus.com/bid/99582
- https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.