Man-in-the-Middle Vulnerability in Siemens SPCanywhere Mobile Application
CVE-2015-1595

Currently unrated

Key Information:

Vendor: Siemens
Status: Spcanywhere
Vendor: CVE Published:; 7 March 2015

Summary

The Siemens SPCanywhere application for mobile devices fails to implement encryption for the lookups of system ID to IP address mappings. This oversight allows attackers to perform man-in-the-middle attacks, enabling them to intercept the client-server communication. As a result, sensitive information such as alarm IP addresses can be leaked, and attackers may spoof servers, posing significant security risks to users.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 7, 2015
Vulnerability Reserved
Feb 13, 2015