28 matches found
EUVD-2015-1728
Malware in sbrugna...
EUVD-2015-1726
Malware in sbrugna...
EUVD-2015-1730
Malware in sbrugna...
Siemens SPCanywhere App Vulnerabilities
OVERVIEW Karsten Sohr, Bernhard Berger, and Kai Hillmann from the TZI-Bremen, Kim Schlyter, Seyton Bradford, and Richard Warren from FortConsult, and Stefan Schuhmann have identified vulnerabilities in the Siemens SPCanywhere mobile application. Siemens has produced a new mobile application calle...
SPCanywhere Code Injection Vulnerability
SPCanywhere is an application for accessing the Siemens SPC anti-theft alarm system. SPCanywhere suffers from a security vulnerability where unencrypted code is loaded, allowing an attacker to inject code and perform arbitrary actions on a mobile device...
SPCanywhere Authentication Bypass Vulnerability
SPCanywhere is the mobile application. The Siemens SPC intrusion alarm system can be accessed remotely from your cell phone. An authentication bypass vulnerability exists in SPCanywhere, which allows an attacker to bypass certain security restrictions and perform unauthorized operations...
SPCanywhere Local Information Disclosure Vulnerability
SPCanywhere is the mobile application. The Siemens SPC intrusion alarm system can be accessed remotely from your cell phone. SPCanywhere suffers from a local information disclosure vulnerability that could be exploited by an attacker to obtain sensitive information...
SPCanywhere Information Disclosure Vulnerability
SPCanywhere is the mobile application. The Siemens SPC intrusion alarm system can be accessed remotely from your cell phone. SPCanywhere has an information disclosure vulnerability that allows attackers to exploit the vulnerability to obtain sensitive information...
CVE-2015-1599
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error...
CVE-2015-1598
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem...
CVE-2015-1597
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream...
CVE-2015-1596
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2015-1595
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...
Code injection
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...
Information disclosure
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem...
Code injection
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream...
Design/Logic Flaw
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error...
Information disclosure
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2015-1595
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream...
CVE-2015-1599
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error...