Low

CVE-2014-5232 - Permissions, Privileges, and Access Control vulnerability in Siemens Simatic Wincc SM%40Rtclient 1.0

Publication: 2015-01-14

Summary

The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.

Classification

CWE-264: Permissions, Privileges, and Access Control

Risk level (CVSS 1.9)

Low

1.9

Access Vector

Network
Adjacent Network
Local

Access Complexity

Low
Medium
High

Authentication

None
Single
Multiple

Confident. Impact

Complete
Partial
None

Integrity Impact

Complete
Partial
None

Affected Products

Siemens Simatic Wincc SM@rtclient 1.0

References

http://www.securitytracker.com/id/1031546
http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311299.pdf