Spcanywhere Security Vulnerabilities and Issues — Spcanywhere CVE List

Lucene search

SiemensSpcanywhere

5 matches found

CVE•added 2015/03/07 2:59 a.m.•48 views

CVE-2015-1595

The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.

4.3CVSS6.3AI score0.00141EPSS

CVE•added 2015/03/07 2:59 a.m.•41 views

CVE-2015-1597

The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream.

6.8CVSS7.7AI score0.00403EPSS

CVE•added 2015/03/07 2:59 a.m.•41 views

CVE-2015-1599

The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error.

2.1CVSS6.4AI score0.00061EPSS

CVE•added 2015/03/07 2:59 a.m.•38 views

CVE-2015-1596

The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8CVSS5.7AI score0.00137EPSS

CVE•added 2015/03/07 2:59 a.m.•36 views

CVE-2015-1598

The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem.

2.1CVSS6.1AI score0.00063EPSS