Vulnerabilites related to Siemens - SINUMERIK Integrate Client 04
cve-2021-31892
Vulnerability from cvelistv5
Published
2021-07-13 11:02
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINUMERIK Analyse MyCondition",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance /OEE-Monitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Analyze MyPerformance /OEE-Tuning",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Integrate Client 02",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V02.00.12 \u003c 02.00.18"
}
]
},
{
"product": "SINUMERIK Integrate Client 03",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V03.00.12 \u003c 03.00.18"
}
]
},
{
"product": "SINUMERIK Integrate Client 04",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18"
}
]
},
{
"product": "SINUMERIK Integrate for Production 4.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1 SP10 HF3"
}
]
},
{
"product": "SINUMERIK Integrate for Production 5.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "V5.1"
}
]
},
{
"product": "SINUMERIK Manage MyMachines",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyMachines /Remote",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyMachines /Spindel Monitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyPrograms",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyResources /Programs",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyResources /Tools",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Manage MyTools",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINUMERIK Operate V4.8",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.8 SP8"
}
]
},
{
"product": "SINUMERIK Operate V4.93",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.93 HF7"
}
]
},
{
"product": "SINUMERIK Operate V4.94",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.94 HF5"
}
]
},
{
"product": "SINUMERIK Optimize MyProgramming /NX-Cam Editor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions \u003e= V02.00.12 \u003c 02.00.18), SINUMERIK Integrate Client 03 (All versions \u003e= V03.00.12 \u003c 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions \u003c V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions \u003c V4.8 SP8), SINUMERIK Operate V4.93 (All versions \u003c V4.93 HF7), SINUMERIK Operate V4.94 (All versions \u003c V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295: Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-30T18:51:21",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-31892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINUMERIK Analyse MyCondition",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance /OEE-Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Analyze MyPerformance /OEE-Tuning",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 02",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V02.00.12 \u003c 02.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 03",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V03.00.12 \u003c 03.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate Client 04",
"version": {
"version_data": [
{
"version_value": "V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18"
}
]
}
},
{
"product_name": "SINUMERIK Integrate for Production 4.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1 SP10 HF3"
}
]
}
},
{
"product_name": "SINUMERIK Integrate for Production 5.1",
"version": {
"version_data": [
{
"version_value": "V5.1"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines /Remote",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyMachines /Spindel Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyPrograms",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyResources /Programs",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyResources /Tools",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Manage MyTools",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.8",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.8 SP8"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.93",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.93 HF7"
}
]
}
},
{
"product_name": "SINUMERIK Operate V4.94",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.94 HF5"
}
]
}
},
{
"product_name": "SINUMERIK Optimize MyProgramming /NX-Cam Editor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions \u003e= V02.00.12 \u003c 02.00.18), SINUMERIK Integrate Client 03 (All versions \u003e= V03.00.12 \u003c 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions \u003c V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions \u003c V4.8 SP8), SINUMERIK Operate V4.93 (All versions \u003c V4.93 HF7), SINUMERIK Operate V4.94 (All versions \u003c V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295: Improper Certificate Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-31892",
"datePublished": "2021-07-13T11:02:55",
"dateReserved": "2021-04-29T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}