CVE-2014-5232 - Permissions, Privileges, and Access Control vulnerability in Siemens Simatic Wincc SM%40Rtclient 1.0
Summary
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
Classification
CWE-264 - Permissions, Privileges, and Access ControlRisk level (CVSS 1.9)
Low
1.9
Access Vector
- Network
- Adjacent Network
- Local
Access Complexity
- Low
- Medium
- High
Authentication
- None
- Single
- Multiple
Confident. Impact
- Complete
- Partial
- None
Integrity Impact
- Complete
- Partial
- None
Affected Products
External references
Related CVE
| Date | CVE | Title | CVSS |
|---|---|---|---|
| 2015-01-14 | CVE-2014-5233 | Information Leak / Disclosure vulnerability in Siemens Simatic Wincc SM%40Rtclient 1.0 | 1.9 |
| 2015-01-14 | CVE-2014-5231 | Information Leak / Disclosure vulnerability in Siemens Simatic Wincc SM%40Rtclient 1.0 | 2.1 |