// For flags

CVE-2017-2685

 

Severity Score

7.4
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

Siemens SenUMERIK entegrate Operate Clients en versiones entre 2.0.3.00.016 (incluida) y 2.0.6 (excluida) y en versiones entre 3.0.4.00.032 (incluida) y 3.0.6 (excluida) contienen una vulnerabilidad que podrĂ­a permitir a un atacante leer y manipular datos en sesiones TLS cuando interpreta un ataque a man-in-the-middle (MITM)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-01 CVE Reserved
  • 2017-03-01 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-693: Protection Mechanism Failure
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Siemens
Search vendor "Siemens"
Sinumerik Integrate Access Mymachine\/ethernet
Search vendor "Siemens" for product "Sinumerik Integrate Access Mymachine\/ethernet"
--
Affected
Siemens
Search vendor "Siemens"
Sinumerik Integrate Operate Client
Search vendor "Siemens" for product "Sinumerik Integrate Operate Client"
2.0.3.00.016
Search vendor "Siemens" for product "Sinumerik Integrate Operate Client" and version "2.0.3.00.016"
-
Affected
Siemens
Search vendor "Siemens"
Sinumerik Integrate Operate Client
Search vendor "Siemens" for product "Sinumerik Integrate Operate Client"
3.0.4.00.032
Search vendor "Siemens" for product "Sinumerik Integrate Operate Client" and version "3.0.4.00.032"
-
Affected
Siemens
Search vendor "Siemens"
Sinumerik Operate
Search vendor "Siemens" for product "Sinumerik Operate"
4.5
Search vendor "Siemens" for product "Sinumerik Operate" and version "4.5"
sp6
Affected
Siemens
Search vendor "Siemens"
Sinumerik Operate
Search vendor "Siemens" for product "Sinumerik Operate"
4.7
Search vendor "Siemens" for product "Sinumerik Operate" and version "4.7"
sp2
Affected