CVE-2021-31892 Information

Jun 07, 2022 cve

Description

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions) SINUMERIK Analyze MyPerformance (All versions) SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions) SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions) SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18) SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18) SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18) SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3) SINUMERIK Integrate for Production 5.1 (V5.1) SINUMERIK Manage MyMachines (All versions) SINUMERIK Manage MyMachines /Remote (All versions) SINUMERIK Manage MyMachines /Spindel Monitor (All versions) SINUMERIK Manage MyPrograms (All versions) SINUMERIK Manage MyResources /Programs (All versions) SINUMERIK Manage MyResources /Tools (All versions) SINUMERIK Manage MyTools (All versions) SINUMERIK Operate V4.8 (All versions < V4.8 SP8) SINUMERIK Operate V4.93 (All versions < V4.93 HF7) SINUMERIK Operate V4.94 (All versions < V4.94 HF5) SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

7.4

Share on: