CVE-2015-1595

Currently unrated

Key Information:

Vendor: Siemens
Status: Spcanywhere
Vendor: CVE Published:; 7 March 2015

Summary

The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 7, 2015
Vulnerability Reserved
Feb 13, 2015