VYPR

Simatic Wincc Sm\@rtclient

by Siemens Foundation

CVEs (7)

  • CVE-2023-28831HigSep 12, 2023
    risk 0.49cvss 7.5epss 0.01

    The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of…

  • CVE-2017-6870HigAug 8, 2017
    risk 0.48cvss 7.4epss 0.01

    A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing a Man-in-the-Middle (MitM) attack.

  • CVE-2017-6871MedAug 8, 2017
    risk 0.35cvss 5.4epss 0.00

    A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app…

  • CVE-2015-5084Aug 3, 2015
    risk 0.00cvss epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.

  • CVE-2014-5233Jan 14, 2015
    risk 0.00cvss epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtServer credentials by leveraging an error in the credential-processing mechanism.

  • CVE-2014-5232Jan 14, 2015
    risk 0.00cvss epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.

  • CVE-2014-5231Jan 14, 2015
    risk 0.00cvss epss 0.00

    The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.