Primary

Context

Siemens SICAM Toolbox II Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Patched

A vulnerability exists in Siemens SICAM Toolbox II in all versions prior to 07.11. The issue arises because the application fails to properly validate the extended key usage attribute of TLS certificates from managed devices during HTTPS connections. This flaw could enable an attacker to perform a man-in-the-middle (MitM) attack.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle (MitM) attack, where an attacker could intercept and potentially alter communications between the application and a managed device.

Remediation

Users are advised to update SICAM Toolbox II to version 07.11 or later. For guidance on applying the update, refer to the Siemens support page for SICAM Toolbox II.

Added: Jul 8, 2025, 12:19 PM

Updated: Jul 8, 2025, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Siemens SICAM Toolbox II Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

Impact

Remediation

Affected Products

Siemens SICAM TOOLBOX II

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating