CVE-2021-31892
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
Se ha identificado una vulnerabilidad en SINUMERIK Analyse MyCondition (Todas las versiones), SINUMERIK Analyze MyPerformance (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Monitor (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Tuning (Todas las versiones), SINUMERIK Integrate Client 02 (Todas las versiones posteriores a V02. 00.12 incluyéndola, anteriores a 02.00.18), SINUMERIK Integrate Client 03 (Todas las versiones posteriores a V03.00.12 incluyéndola, anteriores a 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 y todas las versiones posteriores a V04.00.15 incluyéndola, anteriores a 04.00.18), SINUMERIK Integrate for Production 4.1 (Todas las versiones anteriores a V4.1 SP10 HF3), SINUMERIK Integrate for Production 5. 1 (V5. 1), SINUMERIK Manage MyMachines (Todas las versiones), SINUMERIK Manage MyMachines /Remote (Todas las versiones), SINUMERIK Manage MyMachines /Spindel Monitor (Todas las versiones), SINUMERIK Manage MyPrograms (Todas las versiones), SINUMERIK Manage MyResources /Programs (Todas las versiones), SINUMERIK Manage MyResources /Tools (Todas las versiones), SINUMERIK Manage MyTools (Todas las versiones), SINUMERIK Operate V4. 8 (Todas las versiones anteriores a V4.8 SP8), SINUMERIK Operate V4.93 (Todas las versiones anteriores a V4.93 HF7), SINUMERIK Operate V4.94 (Todas las versiones anteriores a V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (Todas las versiones). Debido a un error en una dependencia de terceros, los flags ssl usados para establecer una conexión TLS con un servidor se sobreescriben con una configuración incorrecta. Esto resulta en una falta de comprobación del certificado del servidor y, por tanto, a un posible escenario de TLS MITM
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-29 CVE Reserved
- 2021-07-13 CVE Published
- 2024-03-28 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf | 2021-08-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Sinumerik Analyse Mycondition Firmware Search vendor "Siemens" for product "Sinumerik Analyse Mycondition Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Analyse Mycondition Search vendor "Siemens" for product "Sinumerik Analyse Mycondition" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Analyze Myperformance Firmware Search vendor "Siemens" for product "Sinumerik Analyze Myperformance Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Analyze Myperformance Search vendor "Siemens" for product "Sinumerik Analyze Myperformance" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Integrate Client Firmware Search vendor "Siemens" for product "Sinumerik Integrate Client Firmware" | >= 2.00.12 < 2.00.18 Search vendor "Siemens" for product "Sinumerik Integrate Client Firmware" and version " >= 2.00.12 < 2.00.18" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Integrate Client Search vendor "Siemens" for product "Sinumerik Integrate Client" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Integrate Client Firmware Search vendor "Siemens" for product "Sinumerik Integrate Client Firmware" | >= 3.00.12 < 3.00.18 Search vendor "Siemens" for product "Sinumerik Integrate Client Firmware" and version " >= 3.00.12 < 3.00.18" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Integrate Client Search vendor "Siemens" for product "Sinumerik Integrate Client" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Integrate Client Firmware Search vendor "Siemens" for product "Sinumerik Integrate Client Firmware" | >= 4.00.15 < 4.00.18 Search vendor "Siemens" for product "Sinumerik Integrate Client Firmware" and version " >= 4.00.15 < 4.00.18" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Integrate Client Search vendor "Siemens" for product "Sinumerik Integrate Client" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Integrate For Production Firmware Search vendor "Siemens" for product "Sinumerik Integrate For Production Firmware" | <= 4.1 Search vendor "Siemens" for product "Sinumerik Integrate For Production Firmware" and version " <= 4.1" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Integrate For Production Search vendor "Siemens" for product "Sinumerik Integrate For Production" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Integrate For Production Firmware Search vendor "Siemens" for product "Sinumerik Integrate For Production Firmware" | 5.1 Search vendor "Siemens" for product "Sinumerik Integrate For Production Firmware" and version "5.1" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Integrate For Production Search vendor "Siemens" for product "Sinumerik Integrate For Production" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Manage Mymachines Firmware Search vendor "Siemens" for product "Sinumerik Manage Mymachines Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Manage Mymachines Search vendor "Siemens" for product "Sinumerik Manage Mymachines" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Manage Myprograms Firmware Search vendor "Siemens" for product "Sinumerik Manage Myprograms Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Manage Myprograms Search vendor "Siemens" for product "Sinumerik Manage Myprograms" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Manage Myresources Firmware Search vendor "Siemens" for product "Sinumerik Manage Myresources Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Manage Myresources Search vendor "Siemens" for product "Sinumerik Manage Myresources" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Manage Mytools Firmware Search vendor "Siemens" for product "Sinumerik Manage Mytools Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Manage Mytools Search vendor "Siemens" for product "Sinumerik Manage Mytools" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | < 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version " < 4.8" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | sp1 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | sp2 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | sp3 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | sp4 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | sp5 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | sp6 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.8 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.8" | sp7 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.93 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.93" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.93 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.93" | hotfix_1 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.93 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.93" | hotfix_2 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.93 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.93" | hotfix_3 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.93 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.93" | hotfix_4 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.93 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.93" | hotfix_5 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.93 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.93" | hotfix_6 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.94 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.94" | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.94 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.94" | hotfix_1 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.94 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.94" | hotfix_2 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.94 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.94" | hotfix_3 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Operate Firmware Search vendor "Siemens" for product "Sinumerik Operate Firmware" | 4.94 Search vendor "Siemens" for product "Sinumerik Operate Firmware" and version "4.94" | hotfix_4 |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Operate Search vendor "Siemens" for product "Sinumerik Operate" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sinumerik Optimize Myprogramming Firmware Search vendor "Siemens" for product "Sinumerik Optimize Myprogramming Firmware" | - | - |
Affected
| in | Siemens Search vendor "Siemens" | Sinumerik Optimize Myprogramming Search vendor "Siemens" for product "Sinumerik Optimize Myprogramming" | - | - |
Safe
|