Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1595

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1595
Last Modified 15 Jul 2015 11:07:32
Published 06 Mar 2015 09:59:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1595

Summary

The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.

Vulnerable Systems

Application

  • Siemens Spcanywhere 1.4

  • Siemens Spcanywhere 1.4.1


References

CONFIRM - http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf


Last Updated: 27 May 2016 11:09:14