CVE-2021-31892

{"id": "CVE-2021-31892", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2021-07-13T11:15:09.453", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04", "tags": ["Third Party Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINUMERIK Analyse MyCondition (Todas las versiones), SINUMERIK Analyze MyPerformance (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Monitor (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Tuning (Todas las versiones), SINUMERIK Integrate Client 02 (Todas las versiones posteriores a V02. 00.12 incluy\u00e9ndola, anteriores a 02.00.18), SINUMERIK Integrate Client 03 (Todas las versiones posteriores a V03.00.12 incluy\u00e9ndola, anteriores a 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 y todas las versiones posteriores a V04.00.15 incluy\u00e9ndola, anteriores a 04.00.18), SINUMERIK Integrate for Production 4.1 (Todas las versiones anteriores a V4.1 SP10 HF3), SINUMERIK Integrate for Production 5. 1 (V5. 1), SINUMERIK Manage MyMachines (Todas las versiones), SINUMERIK Manage MyMachines /Remote (Todas las versiones), SINUMERIK Manage MyMachines /Spindel Monitor (Todas las versiones), SINUMERIK Manage MyPrograms (Todas las versiones), SINUMERIK Manage MyResources /Programs (Todas las versiones), SINUMERIK Manage MyResources /Tools (Todas las versiones), SINUMERIK Manage MyTools (Todas las versiones), SINUMERIK Operate V4. 8 (Todas las versiones anteriores a V4.8 SP8), SINUMERIK Operate V4.93 (Todas las versiones anteriores a V4.93 HF7), SINUMERIK Operate V4.94 (Todas las versiones anteriores a V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (Todas las versiones). Debido a un error en una dependencia de terceros, los flags ssl usados para establecer una conexi\u00f3n TLS con un servidor se sobreescriben con una configuraci\u00f3n incorrecta. Esto resulta en una falta de comprobaci\u00f3n del certificado del servidor y, por tanto, a un posible escenario de TLS MITM"}], "lastModified": "2021-08-09T16:26:16.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_analyse_mycondition_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2214E8-9372-4709-BE00-8F7092AAADDD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_analyse_mycondition:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3B77B86-4A05-4341-B6D8-504470776A19"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_analyze_myperformance_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71008661-4606-4CD9-8CD2-95A5FF43F911"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_analyze_myperformance:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "687D84BA-F629-4864-8CFC-FCBE5991F70E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63B57057-5292-44D6-BC83-EA91B69F8748", "versionEndExcluding": "2.00.18", "versionStartIncluding": "2.00.12"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42430844-AEA9-49A5-A91C-26994D01CEC4", "versionEndExcluding": "3.00.18", "versionStartIncluding": "3.00.12"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BF11280-C660-48F2-806C-9521193CB7B6", "versionEndExcluding": "4.00.18", "versionStartIncluding": "4.00.15"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_integrate_client:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "60F7CAD2-5E95-4F98-BA6C-AB1BF8ECA8EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "095D8D51-84B8-488D-8B1D-91E58B2FAEBB", "versionEndIncluding": "4.1"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05C78D0D-B572-4232-B64D-52FBF3308240"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_integrate_for_production:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1DAE8F9-C0D4-45A8-A75A-F614439987F6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_manage_mymachines_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AF20AC0-5E2D-4CC5-98EC-EDE0AAC52DD4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_manage_mymachines:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DFAC74C-D52A-4460-BF2E-2B961830E32A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_manage_myprograms_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28E2B9E8-78F1-4906-8165-0E32834E8123"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_manage_myprograms:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "41B51784-A56A-4E88-9D14-2A18FF3C839E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_manage_myresources_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0B80A62-8568-4647-AFCA-E94769B314AE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_manage_myresources:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0682FAB1-35DC-477E-8A7B-FC749E3D08DF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_manage_mytools_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10366A0A-CF45-409B-B3B4-4315613EBF62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_manage_mytools:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEB2B1B8-FF09-438A-83CA-657E9FBAC5B4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D99EAD63-DFDC-4711-91A2-B5FCF578D76D", "versionEndExcluding": "4.8"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA7D3B00-F63E-4450-95A0-6B8E98B1BE07"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56DDB3B0-66C6-44B1-8F49-B81817FCB7D9"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C27298EB-18D6-41B0-80E3-658CF5985669"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3AFA30D-7DBF-4828-AE94-9E19E073B158"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6871C117-4D81-4BDA-98AC-48666B777686"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AABA3AA8-E6BF-40A7-83FE-39DD8345C73D"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF5E34D0-B29E-41EB-9256-3EDB6FE371F8"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8AD951E-4CF5-4FE4-8254-D2FBFAF63342"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B483C710-6220-41AB-85AD-FE1961F6FE01"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9005DC09-271C-40BB-8084-8343388A0EE2"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF1AC69-917F-4A7D-A2DD-D226757786F1"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB684F1-DF4E-44D6-A340-2B020A814C8C"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55DA8893-DD8D-401A-A3C0-BD51C4C918DE"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C447515-89F1-4BA8-BC92-2ABC4709FF09"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "810F9A19-0C8E-4954-BE00-6F9881206011"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DDF6F7-34CE-4CCA-8E46-3DB0A62D1205"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E99BB69-215E-498C-9B9C-F1298669D4E8"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5206317-8F28-4230-AD8B-926C65EA7284"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E9CFDE-E7E5-4EAA-B023-FEBDE4E399FE"}, {"criteria": "cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E757E7DB-5358-456B-A897-B53C8615D489"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_operate:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C25600BA-6BD3-4E07-AFEF-AE5EF877CC25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:sinumerik_optimize_myprogramming_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4EAC9D5-32C9-418B-B993-A882F931CF90"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:sinumerik_optimize_myprogramming:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC21335C-3D0B-4FFB-ADE9-6041835CA04E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}