CVE-2017-2685

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:sinumerik_integrate_access_mymachine\/ethernet:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_integrate_operate_client:2.0.3.00.016:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_integrate_operate_client:3.0.4.00.032:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_operate:4.5:sp6:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_operate:4.7:sp2:*:*:*:*:*:*

History

21 Nov 2024, 03:23

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/96519 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/96519 - Third Party Advisory, VDB Entry
References () http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf - Vendor Advisory () http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf - Vendor Advisory

Information

Published : 2017-03-01 17:59

Updated : 2024-11-21 03:23


NVD link : CVE-2017-2685

Mitre link : CVE-2017-2685

CVE.ORG link : CVE-2017-2685


JSON object : View

Products Affected

siemens

  • sinumerik_operate
  • sinumerik_integrate_operate_client
  • sinumerik_integrate_access_mymachine\/ethernet
CWE
CWE-693

Protection Mechanism Failure

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor