7.4
CVE-2021-31892
- EPSS 0.1%
- Published 13.07.2021 11:15:09
- Last modified 21.11.2024 06:06:26
- Source productcert@siemens.com
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency, the ssl flags used for setting up a TLS connection to a server are overwritten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM scenario.
Data is provided by the National Vulnerability Database (NVD)
Siemens ≫ Sinumerik Analyse Mycondition Firmware Version -
Siemens ≫ Sinumerik Analyze Myperformance Firmware Version -
Siemens ≫ Sinumerik Integrate Client Firmware Version >= 2.00.12 < 2.00.18
Siemens ≫ Sinumerik Integrate Client Firmware Version >= 3.00.12 < 3.00.18
Siemens ≫ Sinumerik Integrate Client Firmware Version >= 4.00.15 < 4.00.18
Siemens ≫ Sinumerik Integrate For Production Firmware Version <= 4.1
Siemens ≫ Sinumerik Integrate For Production Firmware Version 5.1
Siemens ≫ Sinumerik Manage Mymachines Firmware Version -
Siemens ≫ Sinumerik Manage Myprograms Firmware Version -
Siemens ≫ Sinumerik Manage Myresources Firmware Version -
Siemens ≫ Sinumerik Manage Mytools Firmware Version -
Siemens ≫ Sinumerik Operate Firmware Version < 4.8
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update -
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update sp1
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update sp2
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update sp3
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update sp4
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update sp5
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update sp6
Siemens ≫ Sinumerik Operate Firmware Version 4.8 Update sp7
Siemens ≫ Sinumerik Operate Firmware Version 4.93 Update -
Siemens ≫ Sinumerik Operate Firmware Version 4.93 Update hotfix_1
Siemens ≫ Sinumerik Operate Firmware Version 4.93 Update hotfix_2
Siemens ≫ Sinumerik Operate Firmware Version 4.93 Update hotfix_3
Siemens ≫ Sinumerik Operate Firmware Version 4.93 Update hotfix_4
Siemens ≫ Sinumerik Operate Firmware Version 4.93 Update hotfix_5
Siemens ≫ Sinumerik Operate Firmware Version 4.93 Update hotfix_6
Siemens ≫ Sinumerik Operate Firmware Version 4.94 Update -
Siemens ≫ Sinumerik Operate Firmware Version 4.94 Update hotfix_1
Siemens ≫ Sinumerik Operate Firmware Version 4.94 Update hotfix_2
Siemens ≫ Sinumerik Operate Firmware Version 4.94 Update hotfix_3
Siemens ≫ Sinumerik Operate Firmware Version 4.94 Update hotfix_4
Siemens ≫ Sinumerik Optimize Myprogramming Firmware Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.1% | 0.255 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.4 | 2.2 | 5.2 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
nvd@nist.gov | 5.8 | 8.6 | 4.9 | AV:N/AC:M/Au:N/C:P/I:P/A:N |
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.