Simatic Wincc Sm Rtclient
CVE-2017-6871
MEDIUM
Severity by source
AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.
AnalysisAI
A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-288. A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions. Affected products include: Siemens Simatic Wincc Sm\@Rtclient, Siemens Simatic Wincc Sm\@Rtclient Lite.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Simatic Wincc Sm Rtclient
View allA vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). Rated hi
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly s
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the pass
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to discover Sm@rtSe
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-pass
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today