TROYANOSYVIRUS
Volver a CVEs

CVE-2021-31892

HIGH
7.4

Descripcion

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.

Detalles CVE

Puntuacion CVSS v3.17.4
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/13/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

siemens:sinumerik_analyse_myconditionsiemens:sinumerik_analyse_mycondition_firmwaresiemens:sinumerik_analyze_myperformancesiemens:sinumerik_analyze_myperformance_firmwaresiemens:sinumerik_integrate_clientsiemens:sinumerik_integrate_client_firmwaresiemens:sinumerik_integrate_for_productionsiemens:sinumerik_integrate_for_production_firmwaresiemens:sinumerik_manage_mymachinessiemens:sinumerik_manage_mymachines_firmwaresiemens:sinumerik_manage_myprogramssiemens:sinumerik_manage_myprograms_firmwaresiemens:sinumerik_manage_myresourcessiemens:sinumerik_manage_myresources_firmwaresiemens:sinumerik_manage_mytoolssiemens:sinumerik_manage_mytools_firmwaresiemens:sinumerik_operatesiemens:sinumerik_operate_firmwaresiemens:sinumerik_optimize_myprogrammingsiemens:sinumerik_optimize_myprogramming_firmware

Debilidades (CWE)

CWE-295

Referencias

https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf(productcert@siemens.com)
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04(productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.