ID

VAR-201503-0019


CVE

CVE-2015-1597


TITLE

SPCanywhere Code injection vulnerability

Trust: 0.8

sources: IVD: 9e584062-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01705

DESCRIPTION

The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. SPCanywhere is a mobile application from Siemens (Germany) for the Android platform that lets users remotely access the Siemens SPC intrusion alarm system from their mobile phones. The vulnerability stems from the fact that the program does not use encryption when code is loaded.

Trust: 2.7

sources: NVD: CVE-2015-1597 // JVNDB: JVNDB-2015-001706 // CNVD: CNVD-2015-01705 // BID: 72974 // IVD: 9e584062-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-79558

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 9e584062-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01705

AFFECTED PRODUCTS

vendor: siemens, model: spcanywhere, scope: lte, version: 1.4.1

Trust: 1.0

vendor: siemens, model: spcanywhere, scope: eq, version: (android)

Trust: 0.8

vendor: siemens, model: spcanywhere <=1.4.1, scope: -, version: -

Trust: 0.6

vendor: siemens, model: spcanywhere, scope: eq, version: 1.4.1

Trust: 0.6

vendor: siemens, model: spcanywhere, scope: eq, version: 0

Trust: 0.3

vendor: spcanywhere, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 9e584062-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01705 // BID: 72974 // JVNDB: JVNDB-2015-001706 // CNNVD: CNNVD-201503-131 // NVD: CVE-2015-1597

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1597
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1597
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-01705
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201503-131
value: MEDIUM

Trust: 0.6

IVD: 9e584062-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-79558
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1597
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-01705
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 9e584062-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-79558
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 9e584062-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01705 // VULHUB: VHN-79558 // JVNDB: JVNDB-2015-001706 // CNNVD: CNNVD-201503-131 // NVD: CVE-2015-1597

PROBLEMTYPE DATA

problemtype:CWE-94

Trust: 1.9

sources: VULHUB: VHN-79558 // JVNDB: JVNDB-2015-001706 // NVD: CVE-2015-1597

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201503-131

TYPE

Code injection

Trust: 0.8

sources: IVD: 9e584062-2351-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201503-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001706

PATCH

title: SSA-185226, url: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf

Trust: 0.8

title: SPCanywhere code injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/56307

Trust: 0.6

sources: CNVD: CNVD-2015-01705 // JVNDB: JVNDB-2015-001706

EXTERNAL IDS

db: NVD, id: CVE-2015-1597

Trust: 3.6

db: SIEMENS, id: SSA-185226

Trust: 2.6

db: BID, id: 72974

Trust: 1.0

db: CNNVD, id: CNNVD-201503-131

Trust: 0.9

db: CNVD, id: CNVD-2015-01705

Trust: 0.8

db: JVNDB, id: JVNDB-2015-001706

Trust: 0.8

db: ICS CERT, id: ICSA-15-064-05

Trust: 0.3

db: IVD, id: 9E584062-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB, id: VHN-79558

Trust: 0.1

sources: IVD: 9e584062-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-01705 // VULHUB: VHN-79558 // BID: 72974 // JVNDB: JVNDB-2015-001706 // CNNVD: CNNVD-201503-131 // NVD: CVE-2015-1597

REFERENCES

url:http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf

Trust: 2.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1597

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1597

Trust: 0.8

url:http://www.siemens.com/

Trust: 0.3

url:https://ics-cert.us-cert.gov/advisories/icsa-15-064-05

Trust: 0.3

sources: CNVD: CNVD-2015-01705 // VULHUB: VHN-79558 // BID: 72974 // JVNDB: JVNDB-2015-001706 // CNNVD: CNNVD-201503-131 // NVD: CVE-2015-1597

CREDITS

Karsten Sohr, Bernhard Berger, and Kai Hillmann from the TZI-Bremen

Trust: 0.3

sources: BID: 72974

SOURCES

db: IVD, id: 9e584062-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-01705
db: VULHUB, id: VHN-79558
db: BID, id: 72974
db: JVNDB, id: JVNDB-2015-001706
db: CNNVD, id: CNNVD-201503-131
db: NVD, id: CVE-2015-1597

LAST UPDATE DATE

2025-04-12T22:59:39.872000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-01705, date: 2015-04-09T00:00:00
db: VULHUB, id: VHN-79558, date: 2015-03-09T00:00:00
db: BID, id: 72974, date: 2015-03-06T00:00:00
db: JVNDB, id: JVNDB-2015-001706, date: 2015-03-11T00:00:00
db: CNNVD, id: CNNVD-201503-131, date: 2015-03-11T00:00:00
db: NVD, id: CVE-2015-1597, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 9e584062-2351-11e6-abef-000c29c66e3d, date: 2015-03-17T00:00:00
db: CNVD, id: CNVD-2015-01705, date: 2015-03-17T00:00:00
db: VULHUB, id: VHN-79558, date: 2015-03-07T00:00:00
db: BID, id: 72974, date: 2015-03-06T00:00:00
db: JVNDB, id: JVNDB-2015-001706, date: 2015-03-11T00:00:00
db: CNNVD, id: CNNVD-201503-131, date: 2015-03-09T00:00:00
db: NVD, id: CVE-2015-1597, date: 2015-03-07T02:59:06.707