Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1595 | 1 Siemens | 1 Spcanywhere | 2015-07-15 | 4.3 MEDIUM | N/A |
The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. | |||||
CVE-2015-1599 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 2.1 LOW | N/A |
The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | |||||
CVE-2015-1596 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 5.8 MEDIUM | N/A |
The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-1598 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 2.1 LOW | N/A |
The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device filesystem. | |||||
CVE-2015-1597 | 1 Siemens | 1 Spcanywhere | 2015-03-09 | 6.8 MEDIUM | N/A |
The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. |