Vulnerability Details CVE-2015-1595
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.8%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2015-1595
-
cpe:2.3:a:siemens:spcanywhere:1.4
-
cpe:2.3:a:siemens:spcanywhere:1.4.1