Vulnerability Description
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency, the SSL flags used for setting up a TLS connection to a server are overwritten with wrong settings. This results in missing validation of the server certificate and thus in a possible TLS MITM scenario.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinumerik Analyse Mycondition Firmware | - |
| Siemens | Sinumerik Analyse Mycondition | - |
| Siemens | Sinumerik Analyze Myperformance Firmware | - |
| Siemens | Sinumerik Analyze Myperformance | - |
| Siemens | Sinumerik Integrate Client Firmware | >= 2.00.12, < 2.00.18 |
| Siemens | Sinumerik Integrate Client | - |
| Siemens | Sinumerik Integrate For Production Firmware | <= 4.1 |
| Siemens | Sinumerik Integrate For Production | - |
| Siemens | Sinumerik Manage Mymachines Firmware | - |
| Siemens | Sinumerik Manage Mymachines | - |
| Siemens | Sinumerik Manage Myprograms Firmware | - |
| Siemens | Sinumerik Manage Myprograms | - |
| Siemens | Sinumerik Manage Myresources Firmware | - |
| Siemens | Sinumerik Manage Myresources | - |
| Siemens | Sinumerik Manage Mytools Firmware | - |
| Siemens | Sinumerik Manage Mytools | - |
| Siemens | Sinumerik Operate Firmware | < 4.8 |
| Siemens | Sinumerik Operate | - |
| Siemens | Sinumerik Optimize Myprogramming Firmware | - |
| Siemens | Sinumerik Optimize Myprogramming | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf (Vendor Advisory)
- https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04 (Third Party Advisory)
FAQ
What is CVE-2021-31892?
CVE-2021-31892 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUME...
How severe is CVE-2021-31892?
CVE-2021-31892 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-31892?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinumerik Analyse Mycondition Firmware, Siemens Sinumerik Analyse Mycondition, Siemens Sinumerik Analyze Myperformance Firmware, Siemens Sinumerik Analyze Myperformance, Siemens Sinumerik Integrate Client Firmware.