CVE-2024-31854

High CVSS: 7.7

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value.
This could allow an attacker to execute an on-path network (MitM) attack.

Vendor

Siemens

Product

Sicam Toolbox Ii

CWE

CWE-295

Yayın Tarihi

2025-07-08 11:15:24

Güncelleme

2025-08-20 16:17:45

Source Identifier

productcert@siemens.com

KEV Date Added

Kategoriler

CWE-295 Sicam Toolbox Ii HIGH Siemens 2025

Referanslar

https://cert-portal.siemens.com/productcert/html/ssa-183963.html

Benzer Kayıtlar

Medium

CVE-2026-27661

A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks co…

Medium

CVE-2026-25571

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component doe…

Medium

CVE-2026-25572

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component doe…

High

CVE-2026-25573

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell co…

Medium

CVE-2026-25605

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file d…

High

CVE-2026-25569

A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exi…