PT-2025-28373 · Siemens · SICAM TOOLBOX II

Published: 2025-07-08 · Updated: 2025-07-08 · CVE-2024-31854

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SICAM TOOLBOX II versions prior to V07.11

Description: An issue has been identified in the application: when establishing an HTTPS connection to the TLS server of a managed device, it fails to compare the common name of the device's certificate with the expected value. This could allow an attacker to carry out an on-path network attack, also known as a man-in-the-middle (MitM) attack.

Recommendations: For versions prior to V07.11, update to version V07.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the TLS server of managed devices to minimize the risk of exploitation. Avoid using the affected application to establish HTTPS connections to untrusted devices until the issue is resolved.
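Added example, not part of the advisory or of the vendor's software: a client-side check of the kind the description says was missing, comparing the certificate's CN and SAN names with the expected device name, beside the standard-library context setting that enables or disables that check. The device names and certificate fields are constructed.

```python
"""Hostname (CN/SAN) check for a server certificate, in the dict shape returned by
ssl.SSLSocket.getpeercert(). Added example; the device names and certificate
contents below are constructed, not taken from the advisory."""
import ssl


def _name_matches(pattern: str, host: str) -> bool:
    """Match one DNS name from the certificate against the expected host.
    A wildcard is honoured only as the whole leftmost label (RFC 6125 style)."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False  # no partial wildcards, no "*.com", no extra labels
    return p_labels[1:] == h_labels[1:]


def cert_matches_host(cert: dict, expected_host: str) -> bool:
    """Return True only if the certificate names the host we meant to reach.
    SAN dNSName entries take precedence; the subject CN is consulted only when
    the certificate carries no DNS SANs. An empty cert (CERT_NONE) never matches."""
    san_dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_dns:
        return any(_name_matches(n, expected_host) for n in san_dns)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_name_matches(n, expected_host) for n in cns)


def client_context(verify_hostname: bool = True) -> ssl.SSLContext:
    """Hardened default (verify_hostname=True) versus the weak behaviour the
    advisory describes: a client that trusts any validly signed certificate
    regardless of whose name it carries."""
    ctx = ssl.create_default_context()
    if not verify_hostname:
        ctx.check_hostname = False  # weak: an on-path host with any trusted cert passes
    return ctx


# Constructed certificate, as getpeercert() would present it for a managed device.
DEVICE_CERT = {
    "subject": ((("commonName", "rtu-01.substation.example"),),),
    "subjectAltName": (("DNS", "rtu-01.substation.example"), ("DNS", "*.mgmt.example")),
}
```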

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

BDU:2025-08543
CVE-2024-31854

Affected Products

SICAM TOOLBOX II