CVE-2017-6871

MEDIUM

Siemens SIMATIC WinCC Sm@rtClient - Auth Bypass

Title source: llm

Description

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99582

Vendor Advisory x_refsource_confirm

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-589378.pdf

Scores

CVSS v3 5.4

EPSS 0.0006

EPSS Percentile 18.4%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Details

CWE

CWE-287 CWE-288

Status published

Products (3)

n/a/SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android SIMATIC WinCC Sm@rtClient for Android, SIMATIC WinCC Sm@rtClient Lite for Android

siemens/simatic_wincc_sm\@rtclient < 1.0.2.1

siemens/simatic_wincc_sm\@rtclient_lite < 1.0.2.1

Published Aug 08, 2017

Tracked Since Feb 18, 2026