cnvd - cnvd-2017-14605

cnvd-2017-14605

Vulnerability from cnvd

Title

Siemens SIMATIC WinCC Sm@rtClient for Android中间人攻击漏洞

Description

Siemens SIMATIC WinCC Sm@rtClient for Android是一款安卓系统上的客户端程序。Siemens SIMATIC是一款采用单一工程技术环境的自动化软件。 Siemens SIMATIC WinCC Sm@rtClient for Android存在中间人攻击漏洞，现有的TLS协议实现可能允许攻击者在执行中间人（MitM）攻击时读取和修改TLS会话中的数据。

Severity

高

Patch Name

Siemens SIMATIC WinCC Sm@rtClient for Android中间人攻击漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.siemens.com/cert/advisories/

Reference

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf

Impacted products

Name
Siemens SIMATIC WinCC Sm@rtClient for Android <1.0.2.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6870"
    }
  },
  "description": "Siemens SIMATIC WinCC Sm@rtClient for Android\u662f\u4e00\u6b3e\u5b89\u5353\u7cfb\u7edf\u4e0a\u7684\u5ba2\u6237\u7aef\u7a0b\u5e8f\u3002Siemens SIMATIC\u662f\u4e00\u6b3e\u91c7\u7528\u5355\u4e00\u5de5\u7a0b\u6280\u672f\u73af\u5883\u7684\u81ea\u52a8\u5316\u8f6f\u4ef6\u3002 \r\n\r\nSiemens SIMATIC WinCC Sm@rtClient for Android\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\uff0c\u73b0\u6709\u7684TLS\u534f\u8bae\u5b9e\u73b0\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u5728\u6267\u884c\u4e2d\u95f4\u4eba\uff08MitM\uff09\u653b\u51fb\u65f6\u8bfb\u53d6\u548c\u4fee\u6539TLS\u4f1a\u8bdd\u4e2d\u7684\u6570\u636e\u3002",
  "discovererName": "Karsten Sohr and Timo Glander from the TZI at the University of Bremen",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a \r\nhttps://www.siemens.com/cert/advisories/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14605",
  "openTime": "2017-07-15",
  "patchDescription": "Siemens SIMATIC WinCC Sm@rtClient for Android\u662f\u4e00\u6b3e\u5b89\u5353\u7cfb\u7edf\u4e0a\u7684\u5ba2\u6237\u7aef\u7a0b\u5e8f\u3002Siemens SIMATIC\u662f\u4e00\u6b3e\u91c7\u7528\u5355\u4e00\u5de5\u7a0b\u6280\u672f\u73af\u5883\u7684\u81ea\u52a8\u5316\u8f6f\u4ef6\u3002 \r\n\r\nSiemens SIMATIC WinCC Sm@rtClient for Android\u5b58\u5728\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\uff0c\u73b0\u6709\u7684TLS\u534f\u8bae\u5b9e\u73b0\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u5728\u6267\u884c\u4e2d\u95f4\u4eba\uff08MitM\uff09\u653b\u51fb\u65f6\u8bfb\u53d6\u548c\u4fee\u6539TLS\u4f1a\u8bdd\u4e2d\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMATIC WinCC Sm@rtClient for Android\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens SIMATIC WinCC Sm@rtClient for Android \u003c1.0.2.2"
  },
  "referenceLink": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-14",
  "title": "Siemens SIMATIC WinCC Sm@rtClient for Android\u4e2d\u95f4\u4eba\u653b\u51fb\u6f0f\u6d1e"
}

CVE-2017-6870 (GCVE-0-2017-6870)

Vulnerability from cvelistv5

Published

2017-08-08 00:00

Modified

2024-08-05 15:41

Severity ?

CWE

CWE-300 - Channel Accessible by Non-Endpoint

Summary

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.

References

URL

Tags

	http://www.securityfocus.com/bid/99582	vdb-entry, x_refsource_BID
	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf	x_refsource_CONFIRM