Vigil@nce - SIMATIC WinCC Sm@rtClient for Android: information disclosure
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read passwords of SIMATIC WinCC Sm@rtClient
for Android, in order to access to user’s account.
Impacted products: SIMATIC
Severity: 1/4
Creation date: 22/07/2015
DESCRIPTION OF THE VULNERABILITY
The SIMATIC WinCC Sm@rtClient for Android product stores user’s
passwords.
However, an attacker who has an access to victim’s mobile device
can read there passwords.
A local attacker can therefore read passwords of SIMATIC WinCC
Sm@rtClient for Android, in order to access to user’s account.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SIMATIC-WinCC-Sm-rtClient-for-Android-information-disclosure-17475