CVSS: 7.4EPSS: 0%CPEs: 43EXPL: 0CVE-2021-31892
https://notcve.org/view.php?id=CVE-2021-31892
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario. Se ha identificado una vulnerabilidad en SINUMERIK Analyse MyCondition (Todas las versiones), SINUMERIK Analyze MyPerformance (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Monitor (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Tuning (Todas las versiones), SINUMERIK Integrate Client 02 (Todas las versiones posteriores a V02. 00.12 incluyéndola, anteriores a 02.00.18), SINUMERIK Integrate Client 03 (Todas las versiones posteriores a V03.00.12 incluyéndola, anteriores a 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 y todas las versiones posteriores a V04.00.15 incluyéndola, anteriores a 04.00.18), SINUMERIK Integrate for Production 4.1 (Todas las versiones anteriores a V4.1 SP10 HF3), SINUMERIK Integrate for Production 5. 1 (V5. 1), SINUMERIK Manage MyMachines (Todas las versiones), SINUMERIK Manage MyMachines /Remote (Todas las versiones), SINUMERIK Manage MyMachines /Spindel Monitor (Todas las versiones), SINUMERIK Manage MyPrograms (Todas las versiones), SINUMERIK Manage MyResources /Programs (Todas las versiones), SINUMERIK Manage MyResources /Tools (Todas las versiones), SINUMERIK Manage MyTools (Todas las versiones), SINUMERIK Operate V4. 8 (Todas las versiones anteriores a V4.8 SP8), SINUMERIK Operate V4.93 (Todas las versiones anteriores a V4.93 HF7), SINUMERIK Operate V4.94 (Todas las versiones anteriores a V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (Todas las versiones). Debido a un error en una dependencia de terceros, los flags ssl usados para establecer una conexión TLS con un servidor se sobreescriben con una configuración incorrecta. • https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04 • CWE-295: Improper Certificate Validation •
CVSS: 7.4EPSS: 0%CPEs: 5EXPL: 0CVE-2017-2685
https://notcve.org/view.php?id=CVE-2017-2685
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. Siemens SenUMERIK entegrate Operate Clients en versiones entre 2.0.3.00.016 (incluida) y 2.0.6 (excluida) y en versiones entre 3.0.4.00.032 (incluida) y 3.0.6 (excluida) contienen una vulnerabilidad que podría permitir a un atacante leer y manipular datos en sesiones TLS cuando interpreta un ataque a man-in-the-middle (MITM) • http://www.securityfocus.com/bid/96519 http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-693: Protection Mechanism Failure •