CVE-2017-2685
01.03.2017, 17:59
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.Enginsight
| Vendor | Product | Version |
|---|---|---|
| siemens | sinumerik_integrate_access_mymachine\/ethernet | - |
| siemens | sinumerik_integrate_operate_client | 2.0.3.00.016 |
| siemens | sinumerik_integrate_operate_client | 3.0.4.00.032 |
| siemens | sinumerik_operate | 4.5:sp6 |
| siemens | sinumerik_operate | 4.7:sp2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-693 - Protection Mechanism FailureThe product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.