CVE-2021-31892
Vulnerability from cvelistv5
Published
2021-07-13 11:02
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
References
▼ | URL | Tags | |
---|---|---|---|
productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf | Vendor Advisory | |
productcert@siemens.com | https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04 | Third Party Advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:10:30.735Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SINUMERIK Analyse MyCondition", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Analyze MyPerformance", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Analyze MyPerformance /OEE-Monitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Analyze MyPerformance /OEE-Tuning", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Integrate Client 02", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V02.00.12 \u003c 02.00.18" } ] }, { "product": "SINUMERIK Integrate Client 03", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V03.00.12 \u003c 03.00.18" } ] }, { "product": "SINUMERIK Integrate Client 04", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18" } ] }, { "product": "SINUMERIK Integrate for Production 4.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1 SP10 HF3" } ] }, { "product": "SINUMERIK Integrate for Production 5.1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "V5.1" } ] }, { "product": "SINUMERIK Manage MyMachines", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Manage MyMachines /Remote", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Manage MyMachines /Spindel Monitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Manage MyPrograms", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Manage MyResources /Programs", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Manage MyResources /Tools", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Manage MyTools", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SINUMERIK Operate V4.8", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP8" } ] }, { "product": "SINUMERIK Operate V4.93", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.93 HF7" } ] }, { "product": "SINUMERIK Operate V4.94", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.94 HF5" } ] }, { "product": "SINUMERIK Optimize MyProgramming /NX-Cam Editor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions \u003e= V02.00.12 \u003c 02.00.18), SINUMERIK Integrate Client 03 (All versions \u003e= V03.00.12 \u003c 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions \u003c V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions \u003c V4.8 SP8), SINUMERIK Operate V4.93 (All versions \u003c V4.93 HF7), SINUMERIK Operate V4.94 (All versions \u003c V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-30T18:51:21", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-31892", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SINUMERIK Analyse MyCondition", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Analyze MyPerformance", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Analyze MyPerformance /OEE-Monitor", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Analyze MyPerformance /OEE-Tuning", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Integrate Client 02", "version": { "version_data": [ { "version_value": "All versions \u003e= V02.00.12 \u003c 02.00.18" } ] } }, { "product_name": "SINUMERIK Integrate Client 03", "version": { "version_data": [ { "version_value": "All versions \u003e= V03.00.12 \u003c 03.00.18" } ] } }, { "product_name": "SINUMERIK Integrate Client 04", "version": { "version_data": [ { "version_value": "V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18" } ] } }, { "product_name": "SINUMERIK Integrate for Production 4.1", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1 SP10 HF3" } ] } }, { "product_name": "SINUMERIK Integrate for Production 5.1", "version": { "version_data": [ { "version_value": "V5.1" } ] } }, { "product_name": "SINUMERIK Manage MyMachines", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Manage MyMachines /Remote", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Manage MyMachines /Spindel Monitor", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Manage MyPrograms", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Manage MyResources /Programs", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Manage MyResources /Tools", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Manage MyTools", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SINUMERIK Operate V4.8", "version": { "version_data": [ { "version_value": "All versions \u003c V4.8 SP8" } ] } }, { "product_name": "SINUMERIK Operate V4.93", "version": { "version_data": [ { "version_value": "All versions \u003c V4.93 HF7" } ] } }, { "product_name": "SINUMERIK Operate V4.94", "version": { "version_data": [ { "version_value": "All versions \u003c V4.94 HF5" } ] } }, { "product_name": "SINUMERIK Optimize MyProgramming /NX-Cam Editor", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions \u003e= V02.00.12 \u003c 02.00.18), SINUMERIK Integrate Client 03 (All versions \u003e= V03.00.12 \u003c 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions \u003c V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions \u003c V4.8 SP8), SINUMERIK Operate V4.93 (All versions \u003c V4.93 HF7), SINUMERIK Operate V4.94 (All versions \u003c V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-295: Improper Certificate Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-31892", "datePublished": "2021-07-13T11:02:55", "dateReserved": "2021-04-29T00:00:00", "dateUpdated": "2024-08-03T23:10:30.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-31892\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2021-07-13T11:15:09.453\",\"lastModified\":\"2021-08-09T16:26:16.037\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions \u003e= V02.00.12 \u003c 02.00.18), SINUMERIK Integrate Client 03 (All versions \u003e= V03.00.12 \u003c 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions \u003e= V04.00.15 \u003c 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions \u003c V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions \u003c V4.8 SP8), SINUMERIK Operate V4.93 (All versions \u003c V4.93 HF7), SINUMERIK Operate V4.94 (All versions \u003c V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en SINUMERIK Analyse MyCondition (Todas las versiones), SINUMERIK Analyze MyPerformance (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Monitor (Todas las versiones), SINUMERIK Analyze MyPerformance /OEE-Tuning (Todas las versiones), SINUMERIK Integrate Client 02 (Todas las versiones posteriores a V02. 00.12 incluy\u00e9ndola, anteriores a 02.00.18), SINUMERIK Integrate Client 03 (Todas las versiones posteriores a V03.00.12 incluy\u00e9ndola, anteriores a 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 y todas las versiones posteriores a V04.00.15 incluy\u00e9ndola, anteriores a 04.00.18), SINUMERIK Integrate for Production 4.1 (Todas las versiones anteriores a V4.1 SP10 HF3), SINUMERIK Integrate for Production 5. 1 (V5. 1), SINUMERIK Manage MyMachines (Todas las versiones), SINUMERIK Manage MyMachines /Remote (Todas las versiones), SINUMERIK Manage MyMachines /Spindel Monitor (Todas las versiones), SINUMERIK Manage MyPrograms (Todas las versiones), SINUMERIK Manage MyResources /Programs (Todas las versiones), SINUMERIK Manage MyResources /Tools (Todas las versiones), SINUMERIK Manage MyTools (Todas las versiones), SINUMERIK Operate V4. 8 (Todas las versiones anteriores a V4.8 SP8), SINUMERIK Operate V4.93 (Todas las versiones anteriores a V4.93 HF7), SINUMERIK Operate V4.94 (Todas las versiones anteriores a V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (Todas las versiones). Debido a un error en una dependencia de terceros, los flags ssl usados para establecer una conexi\u00f3n TLS con un servidor se sobreescriben con una configuraci\u00f3n incorrecta. Esto resulta en una falta de comprobaci\u00f3n del certificado del servidor y, por tanto, a un posible escenario de TLS MITM\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_analyse_mycondition_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA2214E8-9372-4709-BE00-8F7092AAADDD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_analyse_mycondition:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B77B86-4A05-4341-B6D8-504470776A19\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_analyze_myperformance_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71008661-4606-4CD9-8CD2-95A5FF43F911\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_analyze_myperformance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687D84BA-F629-4864-8CFC-FCBE5991F70E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.00.12\",\"versionEndExcluding\":\"2.00.18\",\"matchCriteriaId\":\"63B57057-5292-44D6-BC83-EA91B69F8748\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.00.12\",\"versionEndExcluding\":\"3.00.18\",\"matchCriteriaId\":\"42430844-AEA9-49A5-A91C-26994D01CEC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_integrate_client_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.00.15\",\"versionEndExcluding\":\"4.00.18\",\"matchCriteriaId\":\"5BF11280-C660-48F2-806C-9521193CB7B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_integrate_client:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60F7CAD2-5E95-4F98-BA6C-AB1BF8ECA8EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.1\",\"matchCriteriaId\":\"095D8D51-84B8-488D-8B1D-91E58B2FAEBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_integrate_for_production_firmware:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05C78D0D-B572-4232-B64D-52FBF3308240\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_integrate_for_production:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1DAE8F9-C0D4-45A8-A75A-F614439987F6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_manage_mymachines_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF20AC0-5E2D-4CC5-98EC-EDE0AAC52DD4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_manage_mymachines:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DFAC74C-D52A-4460-BF2E-2B961830E32A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_manage_myprograms_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28E2B9E8-78F1-4906-8165-0E32834E8123\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_manage_myprograms:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41B51784-A56A-4E88-9D14-2A18FF3C839E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_manage_myresources_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0B80A62-8568-4647-AFCA-E94769B314AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_manage_myresources:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0682FAB1-35DC-477E-8A7B-FC749E3D08DF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_manage_mytools_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10366A0A-CF45-409B-B3B4-4315613EBF62\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_manage_mytools:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEB2B1B8-FF09-438A-83CA-657E9FBAC5B4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.8\",\"matchCriteriaId\":\"D99EAD63-DFDC-4711-91A2-B5FCF578D76D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA7D3B00-F63E-4450-95A0-6B8E98B1BE07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"56DDB3B0-66C6-44B1-8F49-B81817FCB7D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C27298EB-18D6-41B0-80E3-658CF5985669\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3AFA30D-7DBF-4828-AE94-9E19E073B158\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6871C117-4D81-4BDA-98AC-48666B777686\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp5:*:*:*:*:*:*\",\"matchCriteriaId\":\"AABA3AA8-E6BF-40A7-83FE-39DD8345C73D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF5E34D0-B29E-41EB-9256-3EDB6FE371F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.8:sp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8AD951E-4CF5-4FE4-8254-D2FBFAF63342\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B483C710-6220-41AB-85AD-FE1961F6FE01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9005DC09-271C-40BB-8084-8343388A0EE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF1AC69-917F-4A7D-A2DD-D226757786F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB684F1-DF4E-44D6-A340-2B020A814C8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"55DA8893-DD8D-401A-A3C0-BD51C4C918DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C447515-89F1-4BA8-BC92-2ABC4709FF09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.93:hotfix_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"810F9A19-0C8E-4954-BE00-6F9881206011\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"24DDF6F7-34CE-4CCA-8E46-3DB0A62D1205\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E99BB69-215E-498C-9B9C-F1298669D4E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5206317-8F28-4230-AD8B-926C65EA7284\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"43E9CFDE-E7E5-4EAA-B023-FEBDE4E399FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_operate_firmware:4.94:hotfix_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"E757E7DB-5358-456B-A897-B53C8615D489\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_operate:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C25600BA-6BD3-4E07-AFEF-AE5EF877CC25\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:sinumerik_optimize_myprogramming_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4EAC9D5-32C9-418B-B993-A882F931CF90\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:sinumerik_optimize_myprogramming:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC21335C-3D0B-4FFB-ADE9-6041835CA04E\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.