CVE-2017-6871 Information

Description

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device that has the affected app running could bypass the app’s authentication mechanism under certain conditions.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Reference

http://www.securityfocus.com/bid/99582 https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

LOW

Base Severity

5.4