Vulnerability Details CVE-2021-31892
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.8%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 5.8
References
Products affected by CVE-2021-31892
-
cpe:2.3:h:siemens:sinumerik_analyse_mycondition:-
-
cpe:2.3:h:siemens:sinumerik_analyze_myperformance:-
-
cpe:2.3:h:siemens:sinumerik_integrate_client:-
-
cpe:2.3:h:siemens:sinumerik_integrate_for_production:-
-
cpe:2.3:h:siemens:sinumerik_manage_mymachines:-
-
cpe:2.3:h:siemens:sinumerik_manage_myprograms:-
-
cpe:2.3:h:siemens:sinumerik_manage_myresources:-
-
cpe:2.3:h:siemens:sinumerik_manage_mytools:-
-
cpe:2.3:h:siemens:sinumerik_operate:-
-
cpe:2.3:h:siemens:sinumerik_optimize_myprogramming:-
-
cpe:2.3:o:siemens:sinumerik_analyse_mycondition_firmware:-
-
cpe:2.3:o:siemens:sinumerik_analyze_myperformance_firmware:-
-
cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*
-
cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:*
-
cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:5.1
-
cpe:2.3:o:siemens:sinumerik_manage_mymachines_firmware:-
-
cpe:2.3:o:siemens:sinumerik_manage_myprograms_firmware:-
-
cpe:2.3:o:siemens:sinumerik_manage_myresources_firmware:-
-
cpe:2.3:o:siemens:sinumerik_manage_mytools_firmware:-
-
cpe:2.3:o:siemens:sinumerik_operate_firmware:*
-
cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8
-
cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93
-
cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94
-
cpe:2.3:o:siemens:sinumerik_optimize_myprogramming_firmware:-