4 matches found
CVE-2015-5084
The CVE-2015-5084 issue affects Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite for Android prior to 01.00.01.00. The root cause is improper storage of Sm@rtServer passwords, enabling a locally proximate attacker to retrieve sensitive credentials via unspecified vectors. Impact is credenti...
CVE-2014-5233
Siemens SIMATIC WinCC Sm@rtClient for iOS (pre-1.0.2) has an information-credential flaw: an error in the credential-processing/handling allows a physically proximate attacker with local access to extract Sm@rtServer credentials. The issue is tied to the app’s credential-storage/processing mechan...
CVE-2014-5231
Siemens SIMATIC WinCC Sm@rtClient for iOS (pre-1.0.2) is affected by CVE-2014-5231. The issue stems from Insufficiently Protected Credentials (CWE-522): the app stores its password in storage in a way that could allow a local attacker with physical access to extract it. The ICS advisory notes loc...
CVE-2014-5232
Siemens SIMATIC WinCC Sm@rtClient for iOS is vulnerable prior to version 1.0.2 due to insufficiently protected credentials and improper authentication. When the app resumes from the background, an attacker with local access could bypass the required application password, potentially gaining acces...