What is CVE-2017-6870?

CVE-2017-6870 is a high-severity vulnerability in Siemens Simatic_wincc_sm\@rtclient, classified under Channel Accessible by Non-Endpoint. CVSS score: 7.4/10. Published 2017-08-08.

How severe is CVE-2017-6870?

High severity. CVSS v3 base score is 7.4 out of 10.

Vulnerability in Siemens Simatic_wincc_sm\@rtclient

CVE-2017-6870

A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could allow an attacker to read and modify data within a TLS session while performing…

EPSS: 0.002 (47.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Siemens Simatic_wincc_sm\@rtclient
N/a Simatic Wincc Sm@rtclient For Android — versions SIMATIC WinCC Sm@rtClient for Android

Weakness classification (CWE)

CWE-300 — Channel Accessible by Non-Endpoint

References

productcert@siemens.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
productcert@siemens.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2017-6870?: CVE-2017-6870 is a high-severity vulnerability in Siemens Simatic_wincc_sm\@rtclient, classified under Channel Accessible by Non-Endpoint. CVSS score: 7.4/10. Published 2017-08-08.
How severe is CVE-2017-6870?: High severity. CVSS v3 base score is 7.4 out of 10.