Man-in-the-Middle Vulnerability in Siemens SPCanywhere Mobile Application
CVE-2015-1595

Currently unrated

Key Information:

Vendor: Siemens
Status: Spcanywhere
Vendor: CVE Published:; 7 March 2015

What is CVE-2015-1595?

The Siemens SPCanywhere application for mobile devices fails to implement encryption for the lookups of system ID to IP address mappings. This oversight allows attackers to perform man-in-the-middle attacks, enabling them to intercept the client-server communication. As a result, sensitive information such as alarm IP addresses can be leaked, and attackers may spoof servers, posing significant security risks to users.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2015
Vulnerability Reserved
Feb 13, 2015