CVE-2021-31892
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
EPSS 0.10% · 28.0th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SINUMERIK Analyze MyPerformance /OEE-Monitor | All versions |
| Siemens | SINUMERIK Manage MyResources /Tools | All versions |
| Siemens | SINUMERIK Manage MyPrograms | All versions |
| Siemens | SINUMERIK Manage MyMachines /Remote | * |
| siemens | sinumerik_optimize_myprogramming_firmware | |
| siemens | sinumerik_operate_firmware | 0, 4.94, 4.8 |
| siemens | sinumerik_manage_mytools_firmware | |
| Siemens | SINUMERIK Integrate Client 03 | * |
| Siemens | SINUMERIK Manage MyMachines | All versions |
| siemens | sinumerik_analyse_mycondition_firmware | |
| Siemens | SINUMERIK Operate V4.94 | * |
| Siemens | SINUMERIK Integrate Client 02 | All versions >= V02.00.12 < 02.00.18 |
| Siemens | SINUMERIK Optimize MyProgramming /NX-Cam Editor | All versions |
| Siemens | SINUMERIK Analyze MyPerformance | All versions |
| Siemens | SINUMERIK Integrate Client 04 | V04.00.02 and all versions >= V04.00.15 < 04.00.18 |
| siemens | sinumerik_integrate_for_production_firmware | 0, 5.1 |
| Siemens | SINUMERIK Manage MyTools | All versions |
| siemens | sinumerik_manage_myresources_firmware | |
| Siemens | SINUMERIK Operate V4.8 | * |
| Siemens | SINUMERIK Integrate for Production 5.1 | V5.1 |
…and 10 more
Exploit Intelligence
Timeline
- Apr 13, 2021 CVE Published
- Jul 14, 2021 EPSS Score
- Sep 12, 2021 EPSS Score
- Nov 10, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 10, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 8, 2022 EPSS Score
- Jul 7, 2022 EPSS Score
- Sep 6, 2022 EPSS Score
- Nov 4, 2022 EPSS Score
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-641963.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-560465.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-434536.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-209268.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-173615.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-675303.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-434535.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-622535.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-661034.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-373591.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-352521.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf advisory
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-31892 advisory