Two vulnerabilities in Siemens SIMATIC Sm@rtClient Android App



Published: 2017-07-14
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2017-6870, CVE-2017-6871
CWE-ID: CWE-300, CWE-288
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: SIMATIC WinCC Sm@rtClient for Android (Server applications / SCADA systems)
Vendor: Siemens

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Man-in-the-middle attack

EUVDB-ID: #VU7515

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6870

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle attack.

The weakness exists due to an error in the TLS protocol implementation. A remote attacker can conduct a MITM attack to read and modify data within a TLS session.

Mitigation

Update SIMATIC WinCC Sm@rtClient for Android to version 1.0.2.2.

Vulnerable software versions

SIMATIC WinCC Sm@rtClient for Android: 01.00.01.00

External links

http://ics-cert.us-cert.gov/advisories/ICSA-17-194-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Authentication bypass

EUVDB-ID: #VU7516

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6871

CWE-ID: CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass authentication.

The weakness exists due to an unknown error. A local attacker can use an alternate path or channel to bypass the app's authentication mechanism.

Mitigation

Update SIMATIC WinCC Sm@rtClient Lite for Android to version 1.0.2.2.

Vulnerable software versions

SIMATIC WinCC Sm@rtClient for Android: 01.00.01.00 Lite

External links

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


