Vulnerability Details CVE-2017-2685
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.2%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
References
Products affected by CVE-2017-2685
-
cpe:2.3:a:siemens:sinumerik_integrate_access_mymachine/ethernet:-
-
cpe:2.3:a:siemens:sinumerik_integrate_operate_client:2.0.3.00.016
-
cpe:2.3:a:siemens:sinumerik_integrate_operate_client:3.0.4.00.032
-
cpe:2.3:a:siemens:sinumerik_operate:4.5
-
cpe:2.3:a:siemens:sinumerik_operate:4.7