PT-2017-15472 · Siemens · Sinumerik Integrate Operate Clients

Published

2017-03-01

Updated

2019-10-09

CVE-2017-2685

CVSS v3.1

7.4

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Siemens SINUMERIK Integrate Operate Clients versions 2.0.3.00.016 through 2.0.6 Siemens SINUMERIK Integrate Operate Clients versions 3.0.4.00.032 through 3.0.6

Description The issue allows an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

Recommendations For versions 2.0.3.00.016 through 2.0.6, update to a version outside of this range to resolve the issue. For versions 3.0.4.00.032 through 3.0.6, update to a version outside of this range to resolve the issue.

Fix

Information Disclosure

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-693

Related Identifiers

CVE-2017-2685

Affected Products

Sinumerik Integrate Operate Clients

PT-2017-15472 · Siemens · Sinumerik Integrate Operate Clients

CVE-2017-2685

Weakness Enumeration

Related Identifiers

Affected Products

References · 4