TROYANOSYVIRUS
Back to CVEs

CVE-2021-31892

HIGH
7.4

Description

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.

CVE Details

CVSS v3.1 Score7.4
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published7/13/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0

Affected Products

siemens:sinumerik_analyse_myconditionsiemens:sinumerik_analyse_mycondition_firmwaresiemens:sinumerik_analyze_myperformancesiemens:sinumerik_analyze_myperformance_firmwaresiemens:sinumerik_integrate_clientsiemens:sinumerik_integrate_client_firmwaresiemens:sinumerik_integrate_for_productionsiemens:sinumerik_integrate_for_production_firmwaresiemens:sinumerik_manage_mymachinessiemens:sinumerik_manage_mymachines_firmwaresiemens:sinumerik_manage_myprogramssiemens:sinumerik_manage_myprograms_firmwaresiemens:sinumerik_manage_myresourcessiemens:sinumerik_manage_myresources_firmwaresiemens:sinumerik_manage_mytoolssiemens:sinumerik_manage_mytools_firmwaresiemens:sinumerik_operatesiemens:sinumerik_operate_firmwaresiemens:sinumerik_optimize_myprogrammingsiemens:sinumerik_optimize_myprogramming_firmware

Weaknesses (CWE)

CWE-295

References

https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf(productcert@siemens.com)
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04(productcert@siemens.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.