Siemens: >> Spcanywhere Security Vulnerabilities
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-03-07
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.
CVSS Score
2.1
EPSS Score
0.001
Published
2015-03-07
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.
CVSS Score
6.8
EPSS Score
0.004
Published
2015-03-07
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
5.8
EPSS Score
0.001
Published
2015-03-07
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.
CVSS Score
4.3
EPSS Score
0.001
Published
2015-03-07