ID
VAR-201703-0642
CVE
CVE-2017-2685
TITLE
Siemens SINUMERIK Integrate Operate Client In TLS Vulnerability to read session data
Trust: 0.8
sources:
JVNDB: JVNDB-2017-002282
DESCRIPTION
Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack. Siemens SINUMERIK Integrate Operate Clients is a standard human interface system client for SINUMERIK digital control from Siemens AG. There is a middleman security bypass vulnerability in Siemens SINUMERIK Integrate Operate Clients. Multiple Siemens Products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks
Trust: 2.7
sources:
NVD: CVE-2017-2685 //
JVNDB: JVNDB-2017-002282 //
CNVD: CNVD-2017-02400 //
BID: 96519 //
IVD: 9505679d-5baf-4fd4-a0f0-a9be3ad1094b //
VULHUB: VHN-110888
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
sources:
IVD: 9505679d-5baf-4fd4-a0f0-a9be3ad1094b //
CNVD: CNVD-2017-02400
AFFECTED PRODUCTS
| vendor: | siemens | model: | sinumerik integrate operate client | scope: | eq | version: | 3.0.4.00.032 | Trust: 2.5 |
| vendor: | siemens | model: | sinumerik integrate operate client | scope: | eq | version: | 2.0.3.00.016 | Trust: 2.5 |
| vendor: | siemens | model: | sinumerik operate | scope: | eq | version: | 4.7 | Trust: 2.2 |
| vendor: | siemens | model: | sinumerik operate | scope: | eq | version: | 4.5 | Trust: 2.2 |
| vendor: | siemens | model: | sinumerik integrate access mymachine\/ethernet | scope: | eq | version: | - | Trust: 1.6 |
| vendor: | siemens | model: | sinumerik integrate access mymachine/ethernet | scope: | eq | version: | 0 | Trust: 0.9 |
| vendor: | siemens | model: | sinumerik integrate access mymachine/ethernet | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | sinumerik integrate operate client | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | sinumerik operate | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | sinumerik operate sp2 hotfix | scope: | eq | version: | 4.71 | Trust: 0.6 |
| vendor: | siemens | model: | sinumerik operate sp6 | scope: | eq | version: | 4.5 | Trust: 0.6 |
| vendor: | siemens | model: | sinumerik operate sp2 hotfix | scope: | eq | version: | v4.71 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik operate | scope: | eq | version: | v4.7 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik operate sp6 | scope: | eq | version: | v4.5 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik operate | scope: | eq | version: | v4.5 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik operate sp4 | scope: | ne | version: | v4.7 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik operate sp6 hotfix | scope: | ne | version: | v4.58 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik integrate operate client | scope: | ne | version: | 3.0.6 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik integrate operate client | scope: | ne | version: | 2.0.6 | Trust: 0.3 |
| vendor: | siemens | model: | sinumerik integrate access mymachine/ethernet | scope: | ne | version: | v4.1.0.5 | Trust: 0.3 |
| vendor: | sinumerik integrate access mymachine ethernet | model: | - | scope: | eq | version: | - | Trust: 0.2 |
| vendor: | sinumerik integrate operate client | model: | - | scope: | eq | version: | 2.0.3.00.016 | Trust: 0.2 |
| vendor: | sinumerik integrate operate client | model: | - | scope: | eq | version: | 3.0.4.00.032 | Trust: 0.2 |
| vendor: | sinumerik operate | model: | - | scope: | eq | version: | 4.5 | Trust: 0.2 |
| vendor: | sinumerik operate | model: | - | scope: | eq | version: | 4.7 | Trust: 0.2 |
sources:
IVD: 9505679d-5baf-4fd4-a0f0-a9be3ad1094b //
CNVD: CNVD-2017-02400 //
BID: 96519 //
JVNDB: JVNDB-2017-002282 //
CNNVD: CNNVD-201703-029 //
NVD: CVE-2017-2685
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
IVD: 9505679d-5baf-4fd4-a0f0-a9be3ad1094b //
CNVD: CNVD-2017-02400 //
VULHUB: VHN-110888 //
JVNDB: JVNDB-2017-002282 //
CNNVD: CNNVD-201703-029 //
NVD: CVE-2017-2685
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
| problemtype: | CWE-693 | Trust: 1.0 |
sources:
VULHUB: VHN-110888 //
JVNDB: JVNDB-2017-002282 //
NVD: CVE-2017-2685
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201703-029
TYPE
information disclosure
Trust: 0.6
sources:
CNNVD: CNNVD-201703-029
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-002282
PATCH
| title: | SSA-934525 | url: | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf | Trust: 0.8 |
| title: | Siemens SINUMERIK Integrate Operate Clients patch for security breaches | url: | https://www.cnvd.org.cn/patchInfo/show/89987 | Trust: 0.6 |
| title: | Siemens SINUMERIK Integrate Operate Clients Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=68022 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-02400 //
JVNDB: JVNDB-2017-002282 //
CNNVD: CNNVD-201703-029
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-2685 | Trust: 3.6 |
| db: | BID | id: | 96519 | Trust: 2.6 |
| db: | SIEMENS | id: | SSA-934525 | Trust: 2.6 |
| db: | CNNVD | id: | CNNVD-201703-029 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2017-02400 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2017-002282 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-17-061-03 | Trust: 0.3 |
| db: | IVD | id: | 9505679D-5BAF-4FD4-A0F0-A9BE3AD1094B | Trust: 0.2 |
| db: | VULHUB | id: | VHN-110888 | Trust: 0.1 |
sources:
IVD: 9505679d-5baf-4fd4-a0f0-a9be3ad1094b //
CNVD: CNVD-2017-02400 //
VULHUB: VHN-110888 //
BID: 96519 //
JVNDB: JVNDB-2017-002282 //
CNNVD: CNNVD-201703-029 //
NVD: CVE-2017-2685
REFERENCES
| url: | http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/96519 | Trust: 2.3 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2685 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-2685 | Trust: 0.8 |
| url: | https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp/ | Trust: 0.8 |
| url: | https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2017-2685 | Trust: 0.6 |
| url: | http://www.siemens.com/ | Trust: 0.3 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-17-061-03 | Trust: 0.3 |
sources:
CNVD: CNVD-2017-02400 //
VULHUB: VHN-110888 //
BID: 96519 //
JVNDB: JVNDB-2017-002282 //
CNNVD: CNNVD-201703-029 //
NVD: CVE-2017-2685
CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
BID: 96519
SOURCES
| db: | IVD | id: | 9505679d-5baf-4fd4-a0f0-a9be3ad1094b |
| db: | CNVD | id: | CNVD-2017-02400 |
| db: | VULHUB | id: | VHN-110888 |
| db: | BID | id: | 96519 |
| db: | JVNDB | id: | JVNDB-2017-002282 |
| db: | CNNVD | id: | CNNVD-201703-029 |
| db: | NVD | id: | CVE-2017-2685 |
LAST UPDATE DATE
2024-11-23T22:30:50.015000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-02400 | date: | 2017-03-05T00:00:00 |
| db: | VULHUB | id: | VHN-110888 | date: | 2019-10-09T00:00:00 |
| db: | BID | id: | 96519 | date: | 2017-03-07T01:09:00 |
| db: | JVNDB | id: | JVNDB-2017-002282 | date: | 2017-04-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201703-029 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-2685 | date: | 2024-11-21T03:23:58.560 |
SOURCES RELEASE DATE
| db: | IVD | id: | 9505679d-5baf-4fd4-a0f0-a9be3ad1094b | date: | 2017-03-05T00:00:00 |
| db: | CNVD | id: | CNVD-2017-02400 | date: | 2017-03-05T00:00:00 |
| db: | VULHUB | id: | VHN-110888 | date: | 2017-03-01T00:00:00 |
| db: | BID | id: | 96519 | date: | 2017-03-01T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-002282 | date: | 2017-04-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201703-029 | date: | 2017-03-02T00:00:00 |
| db: | NVD | id: | CVE-2017-2685 | date: | 2017-03-01T17:59:00.143 |