var-201508-0289
Vulnerability from variot
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. Siemens SIMATIC WinCC Sm@rtClient for Android is a client program for Android. Siemens SIMATIC is automation software in a single engineering environment. Multiple Siemens products are prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to disclose sensitive information. Information obtained may lead to further attacks. The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications for Android are a set of Android client applications from Siemens (Germany) that provide remote mobile operation and observation of SIMATIC HMI systems. The vulnerability stems from the program not storing passwords correctly. The record below lists version 01.00.01.00 as not affected and references Siemens advisory SSA-267489 and ICS-CERT advisory ICSA-15-202-02.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic wincc sm\\@rtclient lite",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic wincc sm\\@rtclient",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic wincc sm@rtclient",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "01.00.01.00 (android)"
},
{
"model": "simatic wincc sm@rtclient lite",
"scope": "lt",
"trust": 0.8,
"vendor": "siemens",
"version": "01.00.01.00 (android)"
},
{
"model": "simatic wincc sm@rtclient for android",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "simatic wincc sm\\@rtclient lite",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic wincc sm\\@rtclient",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "simatic wincc smartclient lite for android",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "01.00.00.00"
},
{
"model": "simatic wincc smartclient for android",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "01.00.00.00"
},
{
"model": "simatic wincc smartclient lite for android",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "01.00.01.00"
},
{
"model": "simatic wincc smartclient for android",
"scope": "ne",
"trust": 0.3,
"vendor": "siemens",
"version": "01.00.01.00"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc sm rtclient",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "simatic wincc sm rtclient lite",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "BID",
"id": "75981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
},
{
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_sm%40rtclient",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:siemens:simatic_wincc_sm%40rtclient_lite",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karsten Sohr from Universität Bremen and Stephan Huber from Fraunhofer SIT",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
}
],
"trust": 0.6
},
"cve": "CVE-2015-5084",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2015-5084",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2015-04982",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "808c3b06-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-83045",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5084",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2015-5084",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2015-04982",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-745",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-83045",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "VULHUB",
"id": "VHN-83045"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
},
{
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors. Siemens SIMATIC WinCC Sm@rtClient for Android is a client program on Android. Siemens SIMATIC is an automation software in a single engineering environment. Multiple Siemens products are prone to a local information-disclosure vulnerability. \nLocal attackers can exploit this issue to disclose sensitive information. Information obtained may lead to further attacks. Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications for Android are a set of client applications based on the Android platform of Siemens, Germany, which provide remote mobile operation and observation of the SIMATIC HMI system. The vulnerability stems from the fact that the program does not store passwords correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5084"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "BID",
"id": "75981"
},
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83045"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5084",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-202-02",
"trust": 2.8
},
{
"db": "BID",
"id": "75981",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-267489",
"trust": 2.3
},
{
"db": "SECTRACK",
"id": "1033021",
"trust": 1.1
},
{
"db": "CNNVD",
"id": "CNNVD-201507-745",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-04982",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966",
"trust": 0.8
},
{
"db": "IVD",
"id": "808C3B06-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83045",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "VULHUB",
"id": "VHN-83045"
},
{
"db": "BID",
"id": "75981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
},
{
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"id": "VAR-201508-0289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "VULHUB",
"id": "VHN-83045"
}
],
"trust": 1.6520139500000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
}
]
},
"last_update_date": "2024-11-23T23:09:14.621000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-267489",
"trust": 0.8,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf"
},
{
"title": "Siemens SIMATIC WinCC Sm@rtClient for Android password information disclosure vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/61673"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83045"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-202-02"
},
{
"trust": 2.3,
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-267489.pdf"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/75981"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1033021"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5084"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5084"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "http://w3.siemens.com/topics/global/en/industry/future-of-manufacturing/industry-apps/wincc-smartclient/pages/simatic-wincc-smartclient.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "VULHUB",
"id": "VHN-83045"
},
{
"db": "BID",
"id": "75981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
},
{
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"db": "VULHUB",
"id": "VHN-83045"
},
{
"db": "BID",
"id": "75981"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
},
{
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-07-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"date": "2015-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-83045"
},
{
"date": "2015-07-21T00:00:00",
"db": "BID",
"id": "75981"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"date": "2015-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-745"
},
{
"date": "2015-08-03T01:59:00.090000",
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04982"
},
{
"date": "2017-09-21T00:00:00",
"db": "VULHUB",
"id": "VHN-83045"
},
{
"date": "2015-07-21T00:00:00",
"db": "BID",
"id": "75981"
},
{
"date": "2015-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003966"
},
{
"date": "2015-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-745"
},
{
"date": "2024-11-21T02:32:18.423000",
"db": "NVD",
"id": "CVE-2015-5084"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "75981"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens SIMATIC WinCC Sm@rtClient for Android Password Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "808c3b06-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-04982"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-745"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.