**CVSS2:** 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Attack Vector: NETWORK; Attack Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: NONE
**CVSS3:** 7.4 High (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
Attack Vector: NETWORK; Attack Complexity: HIGH; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: NONE
**EPSS:** 0.001 Low (percentile 44.0%)
**ATTENTION:** Remotely exploitable.
**Vendor:** Siemens
**Equipment:** SINUMERIK Integrate, SINUMERIK Operate
**Vulnerability:** Man-in-the-Middle
Siemens reports that the vulnerability affects the following SINUMERIK Integrate and Operate product suite versions:
Successful exploitation of this vulnerability could allow attackers in a privileged network position to capture and modify network traffic protected with transport layer security.
Siemens provides the following updates for affected SINUMERIK Integrate and SINUMERIK Operate versions:
These updates can be obtained from a local Siemens service organization. If assistance is needed in identifying a local Siemens service organization, users may contact a local Siemens hotline at the following link:
<https://w3.siemens.com/aspa_app/>
As a general security measure Siemens strongly recommends users configure their environment according to Siemens operational guidelines found below:
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-934525 at the following location:
<http://www.siemens.com/cert/en/cert-security-advisories.htm>
NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
ICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability. High skill level is needed to exploit.
A channel accessible by non-endpoint ("man-in-the-middle") vulnerability has been identified. This could allow an unverified attacker to eavesdrop, capture, or modify communications.
CVE-2017-2685 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been assigned; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).
Critical Infrastructure Sector(s): Energy, Healthcare and Public Health, and Transportation Systems
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2685
www.siemens.com/cert/en/cert-security-advisories.htm
cwe.mitre.org/data/definitions/300.html
w3.siemens.com/aspa_app/
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
www.industry.siemens.com/topics/global/en/industrial-security/Documents/operational_guidelines_industrial_security_en.pdf