ID

VAR-201508-0023


CVE

CVE-2015-5717


TITLE

Siemens COMPAS Mobile Application Input Validation Vulnerability

Trust: 1.4

sources: IVD: 783baac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05811 // CNNVD: CNNVD-201508-573

DESCRIPTION

The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Siemens COMPAS Mobile for Android is a Siemens application for quickly searching and viewing existing quotations and orders and for generating reports and drawings. A security vulnerability exists in Siemens COMPAS Mobile application 1.5 and earlier on the Android platform. The vulnerability arises because the program does not correctly verify the X.509 certificate presented by the SSL server.

Trust: 2.43

sources: NVD: CVE-2015-5717 // JVNDB: JVNDB-2015-004521 // CNVD: CNVD-2015-05811 // IVD: 783baac2-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-83678

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 783baac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05811

AFFECTED PRODUCTS

vendor: siemens, model: compas, scope: lt, version: 1.6

Trust: 1.4

vendor: siemens, model: compas, scope: lte, version: 1.5

Trust: 1.0

vendor: siemens, model: compas, scope: eq, version: 1.5

Trust: 0.6

vendor: compas, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 783baac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05811 // JVNDB: JVNDB-2015-004521 // CNNVD: CNNVD-201508-573 // NVD: CVE-2015-5717

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5717
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-5717
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-05811
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201508-573
value: MEDIUM

Trust: 0.6

IVD: 783baac2-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-83678
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-5717
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-05811
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 783baac2-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-83678
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 783baac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05811 // VULHUB: VHN-83678 // JVNDB: JVNDB-2015-004521 // CNNVD: CNNVD-201508-573 // NVD: CVE-2015-5717

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-83678 // JVNDB: JVNDB-2015-004521 // NVD: CVE-2015-5717

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-573

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201508-573

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004521

PATCH

title: COMPAS, url: https://play.google.com/store/apps/details?id=com.siemens.compass&hl=ja

Trust: 0.8

title: SSA-504631, url: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-504631.pdf

Trust: 0.8

title: Siemens COMPAS Mobile application enters patch for verification vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/63563

Trust: 0.6

title: Siemens COMPAS Mobile Application input validation vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61025

Trust: 0.6

sources: CNVD: CNVD-2015-05811 // JVNDB: JVNDB-2015-004521 // CNNVD: CNNVD-201508-573

EXTERNAL IDS

db: NVD, id: CVE-2015-5717

Trust: 3.3

db: SIEMENS, id: SSA-504631

Trust: 2.3

db: CNNVD, id: CNNVD-201508-573

Trust: 0.9

db: CNVD, id: CNVD-2015-05811

Trust: 0.8

db: JVNDB, id: JVNDB-2015-004521

Trust: 0.8

db: IVD, id: 783BAAC2-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: SEEBUG, id: SSVID-89491

Trust: 0.1

db: VULHUB, id: VHN-83678

Trust: 0.1

sources: IVD: 783baac2-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-05811 // VULHUB: VHN-83678 // JVNDB: JVNDB-2015-004521 // CNNVD: CNNVD-201508-573 // NVD: CVE-2015-5717

REFERENCES

url: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-504631.pdf

Trust: 2.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5717

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5717

Trust: 0.8

sources: CNVD: CNVD-2015-05811 // VULHUB: VHN-83678 // JVNDB: JVNDB-2015-004521 // CNNVD: CNNVD-201508-573 // NVD: CVE-2015-5717

SOURCES

db: IVD, id: 783baac2-2351-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-05811
db: VULHUB, id: VHN-83678
db: JVNDB, id: JVNDB-2015-004521
db: CNNVD, id: CNNVD-201508-573
db: NVD, id: CVE-2015-5717

LAST UPDATE DATE

2025-04-12T23:24:37.282000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-05811, date: 2015-09-07T00:00:00
db: VULHUB, id: VHN-83678, date: 2015-11-04T00:00:00
db: JVNDB, id: JVNDB-2015-004521, date: 2015-11-11T00:00:00
db: CNNVD, id: CNNVD-201508-573, date: 2015-09-01T00:00:00
db: NVD, id: CVE-2015-5717, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: 783baac2-2351-11e6-abef-000c29c66e3d, date: 2015-09-07T00:00:00
db: CNVD, id: CNVD-2015-05811, date: 2015-09-07T00:00:00
db: VULHUB, id: VHN-83678, date: 2015-08-31T00:00:00
db: JVNDB, id: JVNDB-2015-004521, date: 2015-09-01T00:00:00
db: CNNVD, id: CNNVD-201508-573, date: 2015-08-31T00:00:00
db: NVD, id: CVE-2015-5717, date: 2015-08-31T10:59:17.160