CVE-2015-1596: Detailed Vulnerability Analysis and Overview

CVE-2015-1596 Vulnerability Summary

The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Need help fixing CVEs? Check out our Step-by-Step Guide on How to Fix CVEs.

CVE-2015-1596: Detailed Information and External References

EPSS

0.00061

EPSS %

0.27647

References

0.00061

• http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf
• http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf

CWE

CWE-310

Vulnerable Configurations

• cpe:2.3:a:siemens:spcanywhere:1.4:*:*:*:*:iphone_os:*:*
  cpe:2.3:a:siemens:spcanywhere:1.4:*:*:*:*:iphone_os:*:*
• cpe:2.3:a:siemens:spcanywhere:1.4.1:*:*:*:*:android:*:*
  cpe:2.3:a:siemens:spcanywhere:1.4.1:*:*:*:*:android:*:*