First published: Tue Dec 14 2021
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Sinumerik Edge | <3.2 | |
The vulnerability ID is CVE-2021-42027.
The affected software is SINUMERIK Edge.
All versions prior to V3.2 are vulnerable.
The severity of CVE-2021-42027 is high with a CVSS score of 7.4.
An attacker can exploit CVE-2021-42027 by spoofing a trusted entity and interfering in the communication path between the client and server.
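The flaw class described above, as an added example: this is not Siemens code, and the page does not say how SINUMERIK Edge builds its TLS client. The Python below shows the two client-side settings that certificate validation depends on, and an audit function that flags a context missing either one; all function names are hypothetical.

```python
import ssl


def hardened_client_context(cafile=None):
    """TLS client context that enforces chain and hostname verification."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # create_default_context() already sets both; stating them explicitly
    # makes any later weakening stand out in code review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_without_verification():
    """Constructed weak case: the server certificate is never checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_without_hostname_check():
    """Constructed weak case: chain is checked, server identity is not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def audit_client_context(ctx):
    """Return a list of findings; an empty list means both checks are on."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(f"verify_mode={ctx.verify_mode.name}: certificate chain not enforced")
    if not ctx.check_hostname:
        findings.append("check_hostname=False: certificate not bound to the server name")
    return findings


if __name__ == "__main__":
    for make in (hardened_client_context, context_without_verification,
                 context_without_hostname_check):
        print(make.__name__, audit_client_context(make()) or "OK")
```

Either weak context lets a party on the communication path present a certificate the client should have rejected, which is the spoofing condition the advisory describes.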