History: Jul 13, 2021 - 11:15 a.m.

CVE-2021-31892

2021-07-13 11:15:09
CWE-295
siemens
web.nvd.nist.gov
Tags: cve-2021-31892, vulnerability, sinumerik, tls, mitm, nvd, security, third-party dependency, server certificate, validation

CVSS2: 5.8

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3: 7.4

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 7.2
Confidence: High

EPSS: 0.001
Percentile: 33.2%

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM scenario.

Affected configurations

NVD

Node
siemens  sinumerik_analyse_mycondition_firmware  Match -
AND
siemens  sinumerik_analyse_mycondition  Match -

Node
siemens  sinumerik_analyze_myperformance_firmware  Match -
AND
siemens  sinumerik_analyze_myperformance  Match -

Node
siemens  sinumerik_integrate_client_firmware  Range 2.00.12 2.00.18
OR
siemens  sinumerik_integrate_client_firmware  Range 3.00.12 3.00.18
OR
siemens  sinumerik_integrate_client_firmware  Range 4.00.15 4.00.18
AND
siemens  sinumerik_integrate_client  Match -

Node
siemens  sinumerik_integrate_for_production_firmware  Range 4.1
OR
siemens  sinumerik_integrate_for_production_firmware  Match 5.1
AND
siemens  sinumerik_integrate_for_production  Match -

Node
siemens  sinumerik_manage_mymachines_firmware  Match -
AND
siemens  sinumerik_manage_mymachines  Match -

Node
siemens  sinumerik_manage_myprograms_firmware  Match -
AND
siemens  sinumerik_manage_myprograms  Match -

Node
siemens  sinumerik_manage_myresources_firmware  Match -
AND
siemens  sinumerik_manage_myresources  Match -

Node
siemens  sinumerik_manage_mytools_firmware  Match -
AND
siemens  sinumerik_manage_mytools  Match -

Node
siemens  sinumerik_operate_firmware  Range <4.8
OR
siemens  sinumerik_operate_firmware  Match 4.8 -
OR
siemens  sinumerik_operate_firmware  Match 4.8 sp1
OR
siemens  sinumerik_operate_firmware  Match 4.8 sp2
OR
siemens  sinumerik_operate_firmware  Match 4.8 sp3
OR
siemens  sinumerik_operate_firmware  Match 4.8 sp4
OR
siemens  sinumerik_operate_firmware  Match 4.8 sp5
OR
siemens  sinumerik_operate_firmware  Match 4.8 sp6
OR
siemens  sinumerik_operate_firmware  Match 4.8 sp7
OR
siemens  sinumerik_operate_firmware  Match 4.93 -
OR
siemens  sinumerik_operate_firmware  Match 4.93 hotfix_1
OR
siemens  sinumerik_operate_firmware  Match 4.93 hotfix_2
OR
siemens  sinumerik_operate_firmware  Match 4.93 hotfix_3
OR
siemens  sinumerik_operate_firmware  Match 4.93 hotfix_4
OR
siemens  sinumerik_operate_firmware  Match 4.93 hotfix_5
OR
siemens  sinumerik_operate_firmware  Match 4.93 hotfix_6
OR
siemens  sinumerik_operate_firmware  Match 4.94 -
OR
siemens  sinumerik_operate_firmware  Match 4.94 hotfix_1
OR
siemens  sinumerik_operate_firmware  Match 4.94 hotfix_2
OR
siemens  sinumerik_operate_firmware  Match 4.94 hotfix_3
OR
siemens  sinumerik_operate_firmware  Match 4.94 hotfix_4
AND
siemens  sinumerik_operate  Match -

Node
siemens  sinumerik_optimize_myprogramming_firmware  Match -
AND
siemens  sinumerik_optimize_myprogramming  Match -

Vendor  Product  Version  CPE
siemens  sinumerik_analyse_mycondition_firmware  -  cpe:2.3:o:siemens:sinumerik_analyse_mycondition_firmware:-:*:*:*:*:*:*:*
siemens  sinumerik_analyse_mycondition  -  cpe:2.3:h:siemens:sinumerik_analyse_mycondition:-:*:*:*:*:*:*:*
siemens  sinumerik_analyze_myperformance_firmware  -  cpe:2.3:o:siemens:sinumerik_analyze_myperformance_firmware:-:*:*:*:*:*:*:*
siemens  sinumerik_analyze_myperformance  -  cpe:2.3:h:siemens:sinumerik_analyze_myperformance:-:*:*:*:*:*:*:*
siemens  sinumerik_integrate_client_firmware  *  cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:*
siemens  sinumerik_integrate_client  -  cpe:2.3:h:siemens:sinumerik_integrate_client:-:*:*:*:*:*:*:*
siemens  sinumerik_integrate_for_production_firmware  *  cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:*:*:*:*:*:*:*:*
siemens  sinumerik_integrate_for_production_firmware  5.1  cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:5.1:*:*:*:*:*:*:*
siemens  sinumerik_integrate_for_production  -  cpe:2.3:h:siemens:sinumerik_integrate_for_production:-:*:*:*:*:*:*:*
siemens  sinumerik_manage_mymachines_firmware  -  cpe:2.3:o:siemens:sinumerik_manage_mymachines_firmware:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "SINUMERIK Analyse MyCondition",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Analyze MyPerformance",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Analyze MyPerformance /OEE-Monitor",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Analyze MyPerformance /OEE-Tuning",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Integrate Client 02",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V02.00.12 < 02.00.18"
      }
    ]
  },
  {
    "product": "SINUMERIK Integrate Client 03",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V03.00.12 < 03.00.18"
      }
    ]
  },
  {
    "product": "SINUMERIK Integrate Client 04",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "V04.00.02 and all versions >= V04.00.15 < 04.00.18"
      }
    ]
  },
  {
    "product": "SINUMERIK Integrate for Production 4.1",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.1 SP10 HF3"
      }
    ]
  },
  {
    "product": "SINUMERIK Integrate for Production 5.1",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "V5.1"
      }
    ]
  },
  {
    "product": "SINUMERIK Manage MyMachines",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Manage MyMachines /Remote",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Manage MyMachines /Spindel Monitor",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Manage MyPrograms",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Manage MyResources /Programs",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Manage MyResources /Tools",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Manage MyTools",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  },
  {
    "product": "SINUMERIK Operate V4.8",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.8 SP8"
      }
    ]
  },
  {
    "product": "SINUMERIK Operate V4.93",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.93 HF7"
      }
    ]
  },
  {
    "product": "SINUMERIK Operate V4.94",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V4.94 HF5"
      }
    ]
  },
  {
    "product": "SINUMERIK Optimize MyProgramming /NX-Cam Editor",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]
