VAR-201505-0376

Vulnerability from variot - Updated: 2025-04-12 22:59

The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. Siemens HomeControl for Room Automation for Android is an Android application for controlling in-building automation; it supports remote control of indoor heating, ventilation and air conditioning systems, among others. The vulnerability stems from the program not verifying the X.509 certificate presented by the SSL server, so the app cannot distinguish the genuine server from an impostor on the network path. Versions before 2.0.1 are affected; the vendor advisory listed in this record is SSA-311412.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0376",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "homecontrol for room automation",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.0.0"
      },
      {
        "model": "android app homecontrol for room automation",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "2.0.1"
      },
      {
        "model": "homecontrol for room automation for android",
        "scope": null,
        "trust": 0.6,
        "vendor": "siemens",
        "version": null
      },
      {
        "model": "homecontrol for room automation",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "2.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "homecontrol for room automation",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:siemens:homecontrol_for_room_automation",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      }
    ]
  },
  "cve": "CVE-2015-3610",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "CVE-2015-3610",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-02960",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "92660d4e-1e82-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "VHN-81571",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-3610",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-3610",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-02960",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-049",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "92660d4e-1e82-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-81571",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. Siemens HomeControl for Room Automation for Android is an Android-based in-house automation control software. The software supports remote control of indoor heating, ventilation and air conditioning systems, etc. The vulnerability stems from the fact that the program does not verify the X.509 certificate from the SSL server",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-3610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81571"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-3610",
        "trust": 3.5
      },
      {
        "db": "SIEMENS",
        "id": "SSA-311412",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "121603",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "91EC9FBC-2351-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "92660D4E-1E82-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-81571",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "id": "VAR-201505-0376",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81571"
      }
    ],
    "trust": 1.7666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      }
    ]
  },
  "last_update_date": "2025-04-12T22:59:26.942000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-311412",
        "trust": 0.8,
        "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311412.pdf"
      },
      {
        "title": "Siemens HomeControl for Room Automation for Android SSL Certificate Man-in-the-Middle Attack Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/58313"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-310",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-81571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-311412.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3610"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3610"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.org/show/osvdb/121603"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "db": "VULHUB",
        "id": "VHN-81571"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-13T00:00:00",
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81571"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      },
      {
        "date": "2015-05-07T10:59:00.093000",
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      },
      {
        "date": "2015-05-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-81571"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002539"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-3610"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens HomeControl for Room Automation for Android SSL Certificate man-in-the-middle attack vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "91ec9fbc-2351-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "92660d4e-1e82-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-02960"
      }
    ],
    "trust": 1.0
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-049"
      }
    ],
    "trust": 0.6
  }
}

