CVE-2021-31892
Description
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
23All versions+ 1 more
- (no CPE)range: All versions
- (no CPE)range: All versions
>=V02.00.12 < 02.00.18+ 3 more
- (no CPE)range: >=V02.00.12 < 02.00.18
- (no CPE)range: All versions >= V02.00.12 < 02.00.18
- (no CPE)range: All versions >= V03.00.12 < 03.00.18
- (no CPE)range: V04.00.02 and all versions >= V04.00.15 < 04.00.18
< V4.8 SP8+ 3 more
- (no CPE)range: < V4.8 SP8
- (no CPE)range: All versions < V4.8 SP8
- (no CPE)range: All versions < V4.93 HF7
- (no CPE)range: All versions < V4.94 HF5
- Siemens/SINUMERIK Analyze MyPerformancev5Range: All versions
- Siemens/SINUMERIK Analyze MyPerformance /OEE-Monitorv5Range: All versions
- Siemens/SINUMERIK Analyze MyPerformance /OEE-Tuningv5Range: All versions
- Siemens/SINUMERIK Integrate for Production 4.1v5Range: All versions < V4.1 SP10 HF3
- Siemens/SINUMERIK Integrate for Production 5.1v5Range: V5.1
- Siemens/SINUMERIK Manage MyMachinesv5Range: All versions
- Siemens/SINUMERIK Manage MyMachines /Remotev5Range: All versions
- Siemens/SINUMERIK Manage MyMachines /Spindel Monitorv5Range: All versions
- Siemens/SINUMERIK Manage MyProgramsv5Range: All versions
- Siemens/SINUMERIK Manage MyResources /Programsv5Range: All versions
- Siemens/SINUMERIK Manage MyResources /Toolsv5Range: All versions
- Siemens/SINUMERIK Manage MyToolsv5Range: All versions
- Siemens/SINUMERIK Optimize MyProgramming /NX-Cam Editorv5Range: All versions
Patches
Vulnerability mechanics
References
2- cert-portal.siemens.com/productcert/pdf/ssa-729965.pdfmitrex_refsource_MISC
- us-cert.cisa.gov/ics/advisories/icsa-21-194-04mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.