CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
33.2%
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
Vendor | Product | Version | CPE |
---|---|---|---|
siemens | sinumerik_analyse_mycondition_firmware | - | cpe:2.3:o:siemens:sinumerik_analyse_mycondition_firmware:-:*:*:*:*:*:*:* |
siemens | sinumerik_analyse_mycondition | - | cpe:2.3:h:siemens:sinumerik_analyse_mycondition:-:*:*:*:*:*:*:* |
siemens | sinumerik_analyze_myperformance_firmware | - | cpe:2.3:o:siemens:sinumerik_analyze_myperformance_firmware:-:*:*:*:*:*:*:* |
siemens | sinumerik_analyze_myperformance | - | cpe:2.3:h:siemens:sinumerik_analyze_myperformance:-:*:*:*:*:*:*:* |
siemens | sinumerik_integrate_client_firmware | * | cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:* |
siemens | sinumerik_integrate_client | - | cpe:2.3:h:siemens:sinumerik_integrate_client:-:*:*:*:*:*:*:* |
siemens | sinumerik_integrate_for_production_firmware | * | cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:*:*:*:*:*:*:*:* |
siemens | sinumerik_integrate_for_production_firmware | 5.1 | cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:5.1:*:*:*:*:*:*:* |
siemens | sinumerik_integrate_for_production | - | cpe:2.3:h:siemens:sinumerik_integrate_for_production:-:*:*:*:*:*:*:* |
siemens | sinumerik_manage_mymachines_firmware | - | cpe:2.3:o:siemens:sinumerik_manage_mymachines_firmware:-:*:*:*:*:*:*:* |
[
{
"product": "SINUMERIK Analyse MyCondition",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance /OEE-Monitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance /OEE-Tuning",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Integrate Client 02",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions >= V02.00.12 < 02.00.18"
}
]
},
{
"product": "SINUMERIK Integrate Client 03",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions >= V03.00.12 < 03.00.18"
}
]
},
{
"product": "SINUMERIK Integrate Client 04",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V04.00.02 and all versions >= V04.00.15 < 04.00.18"
}
]
},
{
"product": "SINUMERIK Integrate for Production 4.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V4.1 SP10 HF3"
}
]
},
{
"product": "SINUMERIK Integrate for Production 5.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V5.1"
}
]
},
{
"product": "SINUMERIK Manage MyMachines",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyMachines /Remote",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyMachines /Spindel Monitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyPrograms",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyResources /Programs",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyResources /Tools",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyTools",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Operate V4.8",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V4.8 SP8"
}
]
},
{
"product": "SINUMERIK Operate V4.93",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V4.93 HF7"
}
]
},
{
"product": "SINUMERIK Operate V4.94",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions < V4.94 HF5"
}
]
},
{
"product": "SINUMERIK Optimize MyProgramming /NX-Cam Editor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
]
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
33.2%