PT-2025-28372 · Siemens · SICAM TOOLBOX II

Published

2025-07-08

·

Updated

2025-07-08

·

CVE-2024-31853

CVSS v3.1

8.1

High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SICAM TOOLBOX II versions prior to V07.11
Description: An issue has been identified in the application: it does not check the Extended Key Usage (EKU) extension of a device's certificate when establishing an HTTPS connection to the TLS server of a managed device. The EKU extension is what restricts a certificate to particular purposes (for a TLS server, id-kp-serverAuth), so without this check any certificate that chains to a trusted CA can be accepted as the server's certificate even if it was issued for a different purpose, such as client authentication. This could allow an attacker to execute an on-path network attack, also known as a man-in-the-middle (MitM) attack.
Recommendations: For versions prior to V07.11, update to V07.11 or later to resolve the issue. Until the update is applied, restrict network access to the TLS server of managed devices as a temporary workaround, and avoid using the affected application to establish HTTPS connections to devices whose certificates cannot be verified.
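The following is an added example, not code from Siemens or from the affected product, that shows what the missing check amounts to. It builds a throwaway test CA, issues one leaf certificate for client authentication only, and then validates that leaf as an HTTPS server certificate twice: once requiring id-kp-serverAuth (the correct behaviour) and once accepting any EKU (the weak behaviour described above). The CA, hostname and serial numbers are all constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// randomSerial returns a random positive serial number for a test certificate.
func randomSerial() (*big.Int, error) {
	return rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
}

// newCA builds a throwaway self-signed CA. It stands in for whatever
// device-certificate hierarchy a management tool trusts (constructed here,
// not taken from the affected product).
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: "Example Device CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// issueLeaf issues an end-entity certificate for dnsName from the CA carrying
// exactly the Extended Key Usage values given.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, dnsName string, ekus []x509.ExtKeyUsage) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  ekus,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyServerCert validates leaf as the certificate of an HTTPS server named
// host. With requireServerAuth the chain must be valid for id-kp-serverAuth,
// which is the check the advisory says was missing; without it any EKU is
// accepted, so a certificate issued for another purpose passes.
func verifyServerCert(leaf, ca *x509.Certificate, host string, requireServerAuth bool) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, DNSName: host}
	if requireServerAuth {
		opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	} else {
		opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageAny} // weak: EKU not enforced
	}
	_, err := leaf.Verify(opts)
	return err
}

func main() {
	const host = "rtu.example.invalid" // constructed hostname
	ca, caKey, err := newCA()
	if err != nil {
		panic(err)
	}
	// Issued by the trusted hierarchy, but for client authentication only.
	clientOnly, err := issueLeaf(ca, caKey, host, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth})
	if err != nil {
		panic(err)
	}
	fmt.Println("EKU enforced:", verifyServerCert(clientOnly, ca, host, true))
	fmt.Println("EKU ignored: ", verifyServerCert(clientOnly, ca, host, false))
}
```

With EKU enforced the first call fails with an incompatible key usage error; with EKU ignored the same client-only certificate is accepted as the server's identity, which is exactly the gap an on-path attacker holding any certificate from the trusted hierarchy could exploit. Two caveats for anyone porting this check: a certificate with no EKU extension at all is valid for any purpose under RFC 5280 and is accepted by both branches above, and Go's default (an empty KeyUsages) already means serverAuth, so the weak branch has to opt in to ExtKeyUsageAny explicitly.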

Fix

Weakness Enumeration

Improper Certificate Validation (CWE-295)

Related Identifiers

BDU:2025-08542
CVE-2024-31853

Affected Products

SICAM TOOLBOX II