CVE-2024-31854
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-08-20
Assigner: Siemens AG
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | sicam_toolbox_ii | to 07.11 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in SICAM TOOLBOX II versions prior to V07.11, where the application does not verify the device certificate's common name against an expected value during the establishment of an HTTPS connection to the TLS server of a managed device. This improper certificate validation allows an attacker to perform a man-in-the-middle (MitM) attack by presenting fraudulent certificates, potentially intercepting and manipulating communications. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute an on-path (MitM) network attack, intercepting and potentially manipulating the data exchanged between the SICAM TOOLBOX II application and the managed device. This can compromise the confidentiality, integrity, and availability of communications, potentially leading to unauthorized access or control over automation and control-room systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves improper validation of device certificates during HTTPS connections, specifically the failure to verify the certificate's common name against an expected value. Detection can involve monitoring HTTPS connections from SICAM TOOLBOX II to managed devices and inspecting TLS certificate validation behavior. However, no specific detection commands or tools are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating SICAM TOOLBOX II to version V07.11 or later, which contains fixes for this vulnerability. Additionally, ensure that devices such as CP-8000/8021/8022, CP-8050/31, and SICAM AK3 are running the latest firmware that supports trusting current device certificates. Further recommended measures include applying multi-level redundant secondary protection schemes, validating updates before deployment, supervising update processes by trained personnel, and securing network access through firewalls, segmentation, and VPNs. [1]