CVE-2017-6871

MEDIUM Year: 2017
CVSS v3 Score
5.4
Medium
CVSS v2 Score
4.6
Medium
Weakness Type
CWE-288
View all →

Vulnerability Description

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2) and SIMATIC WinCC Sm@rtClient for Android Lite (All versions before V1.0.2.2). An attacker with physical access to an unlocked mobile device, that has the affected app running, could bypass the app's authentication mechanism under certain conditions.

Related Vulnerabilities

CVE-2022-36249

MEDIUM
CVSS:5.4(Medium)

Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. "After login we are directly able to use the bearer token or jsess...

CWE-2882022

CVE-2024-52586

MEDIUM
CVSS:5.4(Medium)

eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's bui...

CWE-2882024

CVE-2020-10048

MEDIUM
CVSS:5.5(Medium)

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V7.5 SP2). Due to an insecure password verification process, an attacker could bypass the password pr...

CWE-2882020

CVE-2020-11005

MEDIUM
CVSS:5.5(Medium)

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing a...

CWE-2882020

CVE-2021-32958

MEDIUM
CVSS:5.5(Medium)

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, su...

CWE-2882021

CVE-2022-23725

MEDIUM
CVSS:5.5(Medium)

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.

CWE-2882022