CVE-2017-2685

HIGH

Siemens Sinumerik Integrate Access My... - Information Disclosure

Title source: rule

Description

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/96519

Vendor Advisory x_refsource_confirm

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf

Scores

CVSS v3 7.4

EPSS 0.0024

EPSS Percentile 47.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-200 CWE-693

Status published

Products (6)

n/a/SINUMERIK Integrate Operate Clients 2.x and 3.x SINUMERIK Integrate Operate Clients 2.x and 3.x

siemens/sinumerik_integrate_access_mymachine\/ethernet

siemens/sinumerik_integrate_operate_client 2.0.3.00.016

siemens/sinumerik_integrate_operate_client 3.0.4.00.032

siemens/sinumerik_operate 4.5 sp6

siemens/sinumerik_operate 4.7 sp2

Published Mar 01, 2017

Tracked Since Feb 18, 2026