VAR-201508-0023
Vulnerability from variot - Updated: 2025-04-12 23:24The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Siemens COMPAS Mobile application for Android is a Siemens-based Android-based rapid search and view of existing quotations and orders and applications for generating reports and drawings. A security vulnerability exists in the Siemens COMPAS Mobile application 1.5 and earlier based on the Android platform. The vulnerability stems from the fact that the program does not correctly verify the X.509 certificate on the SSL server side
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "compas",
"scope": "lt",
"trust": 1.4,
"vendor": "siemens",
"version": "1.6"
},
{
"model": "compas",
"scope": "lte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "compas",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "1.5"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "compas",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
},
{
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:siemens:compas",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
}
]
},
"cve": "CVE-2015-5717",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-5717",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-05811",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "783baac2-2351-11e6-abef-000c29c66e3d",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-83678",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5717",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-5717",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05811",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-573",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83678",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "VULHUB",
"id": "VHN-83678"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
},
{
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Siemens COMPAS Mobile application for Android is a Siemens-based Android-based rapid search and view of existing quotations and orders and applications for generating reports and drawings. A security vulnerability exists in the Siemens COMPAS Mobile application 1.5 and earlier based on the Android platform. The vulnerability stems from the fact that the program does not correctly verify the X.509 certificate on the SSL server side",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5717"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-83678"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-5717",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-504631",
"trust": 2.3
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-05811",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521",
"trust": 0.8
},
{
"db": "IVD",
"id": "783BAAC2-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-89491",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-83678",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "VULHUB",
"id": "VHN-83678"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
},
{
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"id": "VAR-201508-0023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "VULHUB",
"id": "VHN-83678"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
}
]
},
"last_update_date": "2025-04-12T23:24:37.282000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "COMPAS",
"trust": 0.8,
"url": "https://play.google.com/store/apps/details?id=com.siemens.compass\u0026hl=ja"
},
{
"title": "SSA-504631",
"trust": 0.8,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-504631.pdf"
},
{
"title": "Siemens COMPAS Mobile application enters patch for verification vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63563"
},
{
"title": "Siemens COMPAS Mobile Application input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61025"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83678"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-504631.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5717"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5717"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "VULHUB",
"id": "VHN-83678"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
},
{
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "VULHUB",
"id": "VHN-83678"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
},
{
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-07T00:00:00",
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"date": "2015-08-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83678"
},
{
"date": "2015-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-573"
},
{
"date": "2015-08-31T10:59:17.160000",
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"date": "2015-11-04T00:00:00",
"db": "VULHUB",
"id": "VHN-83678"
},
{
"date": "2015-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004521"
},
{
"date": "2015-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-573"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-5717"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens COMPAS Mobile Application Input Validation Vulnerability",
"sources": [
{
"db": "IVD",
"id": "783baac2-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-05811"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-573"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…