What is the severity of CVE-2017-2685?

CVE-2017-2685 has a critical severity rating due to its potential to allow unauthorized data access during TLS sessions.

How do I fix CVE-2017-2685?

To fix CVE-2017-2685, update the Siemens SINUMERIK Integrate Operate Clients to a version after 2.0.6 and 3.0.6.

What systems are affected by CVE-2017-2685?

CVE-2017-2685 affects Siemens SINUMERIK Integrate Operate Clients versions 2.0.3.00.016 to 2.0.6 and 3.0.4.00.032 to 3.0.6.

What kind of attack can CVE-2017-2685 be exploited by?

CVE-2017-2685 can be exploited by a man-in-the-middle (MITM) attack.

Is there a workaround for CVE-2017-2685 if I cannot update?

Currently, there is no official workaround for CVE-2017-2685 recommended by Siemens, so updating is essential.

Vulnerability/
CVE-2017-2685

high

7.4

CWE

200 693

1/3/2017

5/8/2024

CVE-2017-2685: Infoleak

First published: Wed Mar 01 2017(Updated: )

Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens SINUMERIK Integrate access mymachine/ethernet
Siemens SINUMERIK Integrate Operate Client	=2.0.3.00.016
Siemens SINUMERIK Integrate Operate Client	=3.0.4.00.032
Siemens SINUMERIK Operate v4.8 SP8	=4.5-sp6
Siemens SINUMERIK Operate v4.8 SP8	=4.7-sp2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-2685?
CVE-2017-2685 has a critical severity rating due to its potential to allow unauthorized data access during TLS sessions.
How do I fix CVE-2017-2685?
To fix CVE-2017-2685, update the Siemens SINUMERIK Integrate Operate Clients to a version after 2.0.6 and 3.0.6.
What systems are affected by CVE-2017-2685?
CVE-2017-2685 affects Siemens SINUMERIK Integrate Operate Clients versions 2.0.3.00.016 to 2.0.6 and 3.0.4.00.032 to 3.0.6.
What kind of attack can CVE-2017-2685 be exploited by?
CVE-2017-2685 can be exploited by a man-in-the-middle (MITM) attack.
Is there a workaround for CVE-2017-2685 if I cannot update?
Currently, there is no official workaround for CVE-2017-2685 recommended by Siemens, so updating is essential.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/severity
agent/last-modified-date
agent/description
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/siemens
canonical/siemens sinumerik integrate access mymachine/ethernet
canonical/siemens sinumerik integrate operate client
version/siemens sinumerik integrate operate client/2.0.3.00.016
version/siemens sinumerik integrate operate client/3.0.4.00.032
canonical/siemens sinumerik operate v4.8 sp8
version/siemens sinumerik operate v4.8 sp8/4.5-sp6
version/siemens sinumerik operate v4.8 sp8/4.7-sp2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.