Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2021-31892

Disclosure Date: July 13, 2021
CVE-2021-31892 CVSS v3 Base Score: 7.4
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.4 High
Impact Score:
5.2
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
SINUMERIK Analyse MyCondition All versions
SINUMERIK Analyze MyPerformance All versions
SINUMERIK Analyze MyPerformance /OEE-Monitor All versions
SINUMERIK Analyze MyPerformance /OEE-Tuning All versions
SINUMERIK Integrate Client 02 All versions >= V02.00.12 < 02.00.18
SINUMERIK Integrate Client 03 All versions >= V03.00.12 < 03.00.18
SINUMERIK Integrate Client 04 V04.00.02 and all versions >= V04.00.15 < 04.00.18
SINUMERIK Integrate for Production 4.1 All versions < V4.1 SP10 HF3
SINUMERIK Integrate for Production 5.1 V5.1
SINUMERIK Manage MyMachines All versions
SINUMERIK Manage MyMachines /Remote All versions
SINUMERIK Manage MyMachines /Spindel Monitor All versions
SINUMERIK Manage MyPrograms All versions
SINUMERIK Manage MyResources /Programs All versions
SINUMERIK Manage MyResources /Tools All versions
SINUMERIK Manage MyTools All versions
SINUMERIK Operate V4.8 All versions < V4.8 SP8
SINUMERIK Operate V4.93 All versions < V4.93 HF7
SINUMERIK Operate V4.94 All versions < V4.94 HF5
SINUMERIK Optimize MyProgramming /NX-Cam Editor All versions
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis