Improper Certificate Validation in Siemens SPCanywhere Application for Android and iOS
CVE-2015-1596

Currently unrated

Key Information:

Vendor
Siemens
Status
Spcanywhere
Vendor
CVE Published:
7 March 2015

Summary

The Siemens SPCanywhere application for both Android and iOS has a flaw in its SSL certificate verification process. This weakness allows attackers to perform man-in-the-middle attacks, enabling them to impersonate SSL servers. Consequently, an attacker could exploit this vulnerability to intercept sensitive data by presenting a fraudulent X.509 certificate, ultimately compromising user privacy and data integrity.

References

http://www.siemens.com/innovation/pool/de/forschungsfelde...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.