CVE Vulnerabilities

CVE-2017-2685

Protection Mechanism Failure

Published: Mar 01, 2017 | Modified: Nov 21, 2024
CVSS 3.x
7.4
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

Weakness

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Affected Software

Name Vendor Start Version End Version
Sinumerik_integrate_access_mymachine/ethernet Siemens - (including) - (including)
Sinumerik_integrate_operate_client Siemens 2.0.3.00.016 (including) 2.0.3.00.016 (including)
Sinumerik_integrate_operate_client Siemens 3.0.4.00.032 (including) 3.0.4.00.032 (including)
Sinumerik_operate Siemens 4.5-sp6 (including) 4.5-sp6 (including)
Sinumerik_operate Siemens 4.7-sp2 (including) 4.7-sp2 (including)

References