Siemens SICAM TOOLBOX II Improper Certificate Validation Vulnerability Allowing Man-in-the-Middle Attacks

Vulnerability

A vulnerability exists in Siemens SICAM TOOLBOX II in all versions prior to V07.11. The application fails to properly validate the common name in the device's certificate when establishing an HTTPS connection to the TLS server of a managed device. This flaw could enable an attacker to perform an on-path network (Man-in-the-Middle) attack.
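The name check that this class of flaw omits, shown as an added Python illustration; it is not Siemens code and does not describe how SICAM TOOLBOX II is implemented. The function names, host names and certificate dictionaries are constructed for the example, and the dictionary layout follows what Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with the expected host name.
    A wildcard is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def cert_matches_host(cert: dict, expected_host: str) -> bool:
    """Return True only if the certificate was issued for expected_host.
    Chain validation is a separate step; a certificate with a valid chain
    but another device's name must still be rejected here."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(expected_host)
    except ValueError:
        ip = None
    if ip is not None:
        # Devices addressed by IP must present a matching IP SAN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in san)
    names = [v for k, v in san if k == "DNS"]
    if not names:
        # Common name is consulted only when no DNS SAN is present.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, expected_host) for n in names)

# Constructed sample certificates (not taken from any real device).
DEVICE_CERT = {
    "subject": ((("commonName", "rtu-01.plant.example"),),),
    "subjectAltName": (("DNS", "rtu-01.plant.example"),
                       ("IP Address", "192.0.2.10")),
}
OTHER_DEVICE_CERT = {"subject": ((("commonName", "rtu-99.plant.example"),),)}

if __name__ == "__main__":
    for cert in (DEVICE_CERT, OTHER_DEVICE_CERT):
        print(cert_matches_host(cert, "rtu-01.plant.example"))
```

A client that skips this comparison accepts `OTHER_DEVICE_CERT` for a connection intended for `rtu-01.plant.example`, which is the condition that makes an on-path attack possible.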

Impact

Exploitation of this vulnerability could lead to a Man-in-the-Middle attack, allowing an attacker to intercept and potentially alter communications between the application and the managed device.

Remediation

Users are advised to update SICAM TOOLBOX II to version V07.11 or later. For guidance on applying the update, refer to the Siemens support page for SICAM TOOLBOX II.

Added: Jul 8, 2025, 12:17 PM
Updated: Jul 8, 2025, 12:17 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 6.7
exploitability: 4.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.