PT-2021-19567 · Siemens · Sinumerik Integrate Client 04+19

Published: 2021-07-13 · Updated: 2021-08-09 · CVE-2021-31892

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions:
SINUMERIK Analyse MyCondition: all versions
SINUMERIK Analyze MyPerformance: all versions
SINUMERIK Analyze MyPerformance /OEE-Monitor: all versions
SINUMERIK Analyze MyPerformance /OEE-Tuning: all versions
SINUMERIK Integrate Client 02: versions 02.00.12 through 02.00.17
SINUMERIK Integrate Client 03: versions 03.00.12 through 03.00.17
SINUMERIK Integrate Client 04: versions 04.00.02, 04.00.15 through 04.00.17
SINUMERIK Integrate for Production 4.1: versions prior to 4.1 SP10 HF3
SINUMERIK Integrate for Production 5.1: version 5.1
SINUMERIK Manage MyMachines: all versions
SINUMERIK Manage MyMachines /Remote: all versions
SINUMERIK Manage MyMachines /Spindel Monitor: all versions
SINUMERIK Manage MyPrograms: all versions
SINUMERIK Manage MyResources /Programs: all versions
SINUMERIK Manage MyResources /Tools: all versions
SINUMERIK Manage MyTools: all versions
SINUMERIK Operate V4.8: versions prior to 4.8 SP8
SINUMERIK Operate V4.93: versions prior to 4.93 HF7
SINUMERIK Operate V4.94: versions prior to 4.94 HF5
SINUMERIK Optimize MyProgramming /NX-Cam Editor: all versions

Description: A vulnerability has been identified due to an error in a third-party dependency. The SSL flags used for setting up a TLS connection to a server are overwritten with wrong settings, so the server certificate is not validated. This makes a TLS man-in-the-middle (MITM) scenario possible.

Recommendations:
SINUMERIK Analyse MyCondition: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Analyze MyPerformance: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Analyze MyPerformance /OEE-Monitor: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Analyze MyPerformance /OEE-Tuning: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Integrate Client 02: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Integrate Client 03: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Integrate Client 04: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Integrate for Production 4.1: Update to version 4.1 SP10 HF3 or later.
SINUMERIK Integrate for Production 5.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Manage MyMachines: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Manage MyMachines /Remote: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Manage MyMachines /Spindel Monitor: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Manage MyPrograms: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Manage MyResources /Programs: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Manage MyResources /Tools: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Manage MyTools: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
SINUMERIK Operate V4.8: Update to version 4.8 SP8 or later.
SINUMERIK Operate V4.93: Update to version 4.93 HF7 or later.
SINUMERIK Operate V4.94: Update to version 4.94 HF5 or later.
SINUMERIK Optimize MyProgramming /NX-Cam Editor: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2021-31892

Affected Products

Sinumerik Analyse Mycondition
Sinumerik Analyze Myperformance
Sinumerik Analyze Myperformance /Oee-Monitor
Sinumerik Analyze Myperformance /Oee-Tuning
Sinumerik Integrate Client 02
Sinumerik Integrate Client 03
Sinumerik Integrate Client 04
Sinumerik Integrate For Production 4.1
Sinumerik Integrate For Production 5.1
Sinumerik Manage Mymachines
Sinumerik Manage Mymachines /Remote
Sinumerik Manage Mymachines /Spindel Monitor
Sinumerik Manage Myprograms
Sinumerik Manage Myresources /Programs
Sinumerik Manage Myresources /Tools
Sinumerik Manage Mytools
Sinumerik Operate V4.8
Sinumerik Operate V4.93
Sinumerik Operate V4.94
Sinumerik Optimize Myprogramming /Nx-Cam Editor