#VU54868 Improper Certificate Validation in Siemens products - CVE-2021-31892
Published: July 14, 2021
Vulnerability identifier: #VU54868
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-31892
CWE-ID: CWE-295
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
SINUMERIK Analyze MyConditionSINUMERIK Analyze MyPerformance
SINUMERIK Analyze MyPerformance / OEE-Monitor
SINUMERIK Analyze MyPerformance / OEE-Tuning
SINUMERIK Integrate for Production
SINUMERIK Manage MyMachines
SINUMERIK Manage MyMachines / Remote
SINUMERIK Manage MyMachines / Spindel Monitor
SINUMERIK Manage MyPrograms
SINUMERIK Manage MyResources / Programs
SINUMERIK Manage MyResources / Tools
SINUMERIK Manage My Tools
SINUMERIK Optimize MyProgramming / NX-Cam Editor
SINUMERIK Integrate Client 02
SINUMERIK Integrate Client 03
SINUMERIK Integrate Client 04
SINUMERIK Operate
SINUMERIK Analyze MyConditionSINUMERIK Analyze MyPerformance
SINUMERIK Analyze MyPerformance / OEE-Monitor
SINUMERIK Analyze MyPerformance / OEE-Tuning
SINUMERIK Integrate for Production
SINUMERIK Manage MyMachines
SINUMERIK Manage MyMachines / Remote
SINUMERIK Manage MyMachines / Spindel Monitor
SINUMERIK Manage MyPrograms
SINUMERIK Manage MyResources / Programs
SINUMERIK Manage MyResources / Tools
SINUMERIK Manage My Tools
SINUMERIK Optimize MyProgramming / NX-Cam Editor
SINUMERIK Integrate Client 02
SINUMERIK Integrate Client 03
SINUMERIK Integrate Client 04
SINUMERIK Operate
Software vendor:
Siemens
Siemens
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with wrong settings. A remote attacker can perform a man-in-the-middle (MitM) attack.
Remediation
Install updates from vendor's website.