CVE-2017-2685

HIGH

Siemens Sinumerik Integrate Access My... - Information Disclosure

Title source: rule

Description

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96519

[Vendor Advisory] http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf

Scores

CVSS v3 7.4

EPSS 0.0024

EPSS Percentile 46.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-200 CWE-693

Status draft

Affected Products (5)

siemens/sinumerik_integrate_access_mymachine\/ethernet

siemens/sinumerik_integrate_operate_client

siemens/sinumerik_operate

Timeline

Published Mar 01, 2017

Tracked Since Feb 18, 2026