CVE-2021-31892
First published: Tue Jul 13 2021(Updated: )
A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Sinumerik Analyse Mycondition Firmware | ||
| Siemens Sinumerik Analyse Mycondition | ||
| Siemens Sinumerik Analyze Myperformance Firmware | ||
| Siemens Sinumerik Analyze Myperformance | ||
| Siemens Sinumerik Integrate Client Firmware | >=2.00.12<2.00.18 | |
| Siemens Sinumerik Integrate Client Firmware | >=3.00.12<3.00.18 | |
| Siemens Sinumerik Integrate Client Firmware | >=4.00.15<4.00.18 | |
| Siemens Sinumerik Integrate Client | ||
| Siemens Sinumerik Integrate For Production Firmware | <=4.1 | |
| Siemens Sinumerik Integrate For Production Firmware | =5.1 | |
| Siemens Sinumerik Integrate For Production | ||
| Siemens Sinumerik Manage Mymachines Firmware | ||
| Siemens Sinumerik Manage Mymachines | ||
| Siemens Sinumerik Manage Myprograms Firmware | ||
| Siemens Sinumerik Manage Myprograms | ||
| Siemens Sinumerik Manage Myresources Firmware | ||
| Siemens Sinumerik Manage Myresources | ||
| Siemens Sinumerik Manage Mytools Firmware | ||
| Siemens Sinumerik Manage Mytools | ||
| Siemens Sinumerik Operate Firmware | <4.8 | |
| Siemens Sinumerik Operate Firmware | =4.8 | |
| Siemens Sinumerik Operate Firmware | =4.8-sp1 | |
| Siemens Sinumerik Operate Firmware | =4.8-sp2 | |
| Siemens Sinumerik Operate Firmware | =4.8-sp3 | |
| Siemens Sinumerik Operate Firmware | =4.8-sp4 | |
| Siemens Sinumerik Operate Firmware | =4.8-sp5 | |
| Siemens Sinumerik Operate Firmware | =4.8-sp6 | |
| Siemens Sinumerik Operate Firmware | =4.8-sp7 | |
| Siemens Sinumerik Operate Firmware | =4.93 | |
| Siemens Sinumerik Operate Firmware | =4.93-hotfix_1 | |
| Siemens Sinumerik Operate Firmware | =4.93-hotfix_2 | |
| Siemens Sinumerik Operate Firmware | =4.93-hotfix_3 | |
| Siemens Sinumerik Operate Firmware | =4.93-hotfix_4 | |
| Siemens Sinumerik Operate Firmware | =4.93-hotfix_5 | |
| Siemens Sinumerik Operate Firmware | =4.93-hotfix_6 | |
| Siemens Sinumerik Operate Firmware | =4.94 | |
| Siemens Sinumerik Operate Firmware | =4.94-hotfix_1 | |
| Siemens Sinumerik Operate Firmware | =4.94-hotfix_2 | |
| Siemens Sinumerik Operate Firmware | =4.94-hotfix_3 | |
| Siemens Sinumerik Operate Firmware | =4.94-hotfix_4 | |
| Siemens Sinumerik Operate | ||
| Siemens Sinumerik Optimize Myprogramming Firmware | ||
| Siemens Sinumerik Optimize Myprogramming | ||
| : Siemens SINUMERIK Analyze MyCondition | ||
| : Siemens SINUMERIK Analyze MyPerformance | ||
| : Siemens SINUMERIK Analyze MyPerformance / OEE-Monitor | ||
| : Siemens SINUMERIK Analyze MyPerformance / OEE-Tuning | ||
| : Siemens SINUMERIK Integrate Client 02: All versions including v02.00.12 and up to but not including v02.00.18 | ||
| : Siemens SINUMERIK Integrate Client 03: All versions between v03.00.12 and up to but not including v03.00.18 | ||
| : Siemens SINUMERIK Integrate Client 04: Version v04.00.02 and all versions including v04.00.15 up to but not including v04.00.18 | ||
| : Siemens SINUMERIK Integrate for Production 4.1 SP10 HF3 | <4.1 | 4.1 |
| : Siemens SINUMERIK Integrate for Production 5.1 | =5.1 | |
| : Siemens SINUMERIK Manage MyMachines | ||
| : Siemens SINUMERIK Manage MyMachines / Remote | ||
| : Siemens SINUMERIK Manage MyMachines / Spindel Monitor | ||
| : Siemens SINUMERIK Manage MyPrograms | ||
| : Siemens SINUMERIK Manage MyResources / Programs | ||
| : Siemens SINUMERIK Manage MyResources / Tools | ||
| : Siemens SINUMERIK Manage My Tools | ||
| : Siemens SINUMERIK Operate v4.8 SP8 | <4.8 | 4.8 |
| : Siemens SINUMERIK Operate v4.93 HF7 | <4.93 | 4.93 |
| : Siemens SINUMERIK Operate v4.94 HF5 | <4.94 | 4.94 |
| : Siemens SINUMERIK Optimize MyProgramming / NX-Cam Editor |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-31892.
What is the severity rating of CVE-2021-31892?
CVE-2021-31892 has a severity rating of 7.4 (High).
Which software versions are affected by CVE-2021-31892?
CVE-2021-31892 affects SINUMERIK Analyse MyCondition, SINUMERIK Analyze MyPerformance, SINUMERIK Analyze MyPerformance/OEE-Monitor, SINUMERIK Analyze MyPerformance/OEE-Tuning, and SINUMERIK Integrate Client versions >=2.00.12 and <4.00.18, >=3.00.12 and <4.00.18, and >=4.00.15 and <4.00.18.
How can I fix the vulnerability in SINUMERIK Analyze MyCondition software?
To fix the vulnerability in SINUMERIK Analyze MyCondition firmware, update the software to a version that is not vulnerable.
Where can I find more information about CVE-2021-31892?
You can find more information about CVE-2021-31892 at the following references: [Siemens ProductCERT Advisory](https://cert-portal.siemens.com/productcert/pdf/ssa-729965.pdf) and [US-CERT Advisory](https://us-cert.cisa.gov/ics/advisories/icsa-21-194-04).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/references
- agent/severity
- agent/tags
- agent/softwarecombine
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens sinumerik analyse mycondition firmware
- canonical/siemens sinumerik analyse mycondition
- canonical/siemens sinumerik analyze myperformance firmware
- canonical/siemens sinumerik analyze myperformance
- canonical/siemens sinumerik integrate client firmware
- version/siemens sinumerik integrate client firmware/2.00.12
- version/siemens sinumerik integrate client firmware/3.00.12
- version/siemens sinumerik integrate client firmware/4.00.15
- canonical/siemens sinumerik integrate client
- canonical/siemens sinumerik integrate for production firmware
- version/siemens sinumerik integrate for production firmware/4.1
- version/siemens sinumerik integrate for production firmware/5.1
- canonical/siemens sinumerik integrate for production
- canonical/siemens sinumerik manage mymachines firmware
- canonical/siemens sinumerik manage mymachines
- canonical/siemens sinumerik manage myprograms firmware
- canonical/siemens sinumerik manage myprograms
- canonical/siemens sinumerik manage myresources firmware
- canonical/siemens sinumerik manage myresources
- canonical/siemens sinumerik manage mytools firmware
- canonical/siemens sinumerik manage mytools
- canonical/siemens sinumerik operate firmware
- version/siemens sinumerik operate firmware/4.8
- version/siemens sinumerik operate firmware/4.8-sp1
- version/siemens sinumerik operate firmware/4.8-sp2
- version/siemens sinumerik operate firmware/4.8-sp3
- version/siemens sinumerik operate firmware/4.8-sp4
- version/siemens sinumerik operate firmware/4.8-sp5
- version/siemens sinumerik operate firmware/4.8-sp6
- version/siemens sinumerik operate firmware/4.8-sp7
- version/siemens sinumerik operate firmware/4.93
- version/siemens sinumerik operate firmware/4.93-hotfix_1
- version/siemens sinumerik operate firmware/4.93-hotfix_2
- version/siemens sinumerik operate firmware/4.93-hotfix_3
- version/siemens sinumerik operate firmware/4.93-hotfix_4
- version/siemens sinumerik operate firmware/4.93-hotfix_5
- version/siemens sinumerik operate firmware/4.93-hotfix_6
- version/siemens sinumerik operate firmware/4.94
- version/siemens sinumerik operate firmware/4.94-hotfix_1
- version/siemens sinumerik operate firmware/4.94-hotfix_2
- version/siemens sinumerik operate firmware/4.94-hotfix_3
- version/siemens sinumerik operate firmware/4.94-hotfix_4
- canonical/siemens sinumerik operate
- canonical/siemens sinumerik optimize myprogramming firmware
- canonical/siemens sinumerik optimize myprogramming
- vendor/: siemens
- canonical/: siemens sinumerik analyze mycondition
- canonical/: siemens sinumerik analyze myperformance
- canonical/: siemens sinumerik analyze myperformance / oee-monitor
- canonical/: siemens sinumerik analyze myperformance / oee-tuning
- canonical/: siemens sinumerik integrate client 02: all versions including v02.00.12 and up to but not including v02.00.18
- canonical/: siemens sinumerik integrate client 03: all versions between v03.00.12 and up to but not including v03.00.18
- canonical/: siemens sinumerik integrate client 04: version v04.00.02 and all versions including v04.00.15 up to but not including v04.00.18
- canonical/: siemens sinumerik integrate for production 4.1 sp10 hf3
- canonical/: siemens sinumerik integrate for production 5.1
- version/: siemens sinumerik integrate for production 5.1/5.1
- canonical/: siemens sinumerik manage mymachines
- canonical/: siemens sinumerik manage mymachines / remote
- canonical/: siemens sinumerik manage mymachines / spindel monitor
- canonical/: siemens sinumerik manage myprograms
- canonical/: siemens sinumerik manage myresources / programs
- canonical/: siemens sinumerik manage myresources / tools
- canonical/: siemens sinumerik manage my tools
- canonical/: siemens sinumerik operate v4.8 sp8
- canonical/: siemens sinumerik operate v4.93 hf7
- canonical/: siemens sinumerik operate v4.94 hf5
- canonical/: siemens sinumerik optimize myprogramming / nx-cam editor