CVE-2024-31853
Published: 08 July 2025
Summary
CVE-2024-31853 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Siemens SICAM TOOLBOX II. This summary lists a CVSS base score of 7.7 (High); the CVSS v3.1 vector quoted in the deeper analysis below scores 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 31.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-31853, published on 2025-07-08, is a vulnerability in SICAM TOOLBOX II affecting all versions prior to V07.11. The flaw arises when the application establishes an HTTPS connection to the TLS server of a managed device: it does not check the extended key usage (EKU) extension of the device's certificate, i.e. whether the certificate was actually issued for TLS server authentication. This improper certificate validation, classified under CWE-295, has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
An attacker positioned on the network path between SICAM TOOLBOX II and the managed device's TLS server can exploit this weakness to mount a man-in-the-middle (MitM) attack: a certificate that chains to a trusted CA but was never issued for server authentication can be presented in place of the device's certificate. No privileges or user interaction are required; attack complexity is rated high because the attacker must first obtain that on-path position. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as intercepting, modifying, or disrupting communications.
Siemens has published security advisory SSA-183963 at https://cert-portal.siemens.com/productcert/html/ssa-183963.html, which details mitigation strategies and available patches for affected systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-29723
Vulnerability details
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to execute an on-path network (MitM) attack.
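To make the missing check concrete, the following Go program is an added example (not code from this page, from Siemens, or from SICAM TOOLBOX II) built on the standard crypto/x509 verifier. It constructs a hypothetical test PKI (CA name and host name are made up) in which one CA has signed both the device's TLS server certificate (EKU serverAuth) and a second certificate issued only for client authentication. The clientAuth certificate stands in for "any certificate the CA signed for a purpose other than TLS server authentication"; which certificates an attacker could obtain in a real deployment is not stated on this page. Each certificate is verified once with the EKU check disabled (the behaviour the advisory describes) and once requiring serverAuth (the corrected behaviour).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Constructed test PKI (hypothetical names, not a real deployment):
// one CA that signed the device's server certificate and an unrelated
// certificate issued only for client authentication.
type testPKI struct {
	Roots      *x509.CertPool
	DeviceCert *x509.Certificate // EKU = serverAuth, the legitimate TLS server
	ClientCert *x509.Certificate // EKU = clientAuth only, presented by the attacker
}

func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func buildPKI(host string) *testPKI {
	now := time.Now()
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Substation CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	caCert := mustCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)

	// Both leaves carry the device's name so that hostname checking alone
	// cannot tell them apart; only the EKU distinguishes them.
	leaf := func(serial int64, eku x509.ExtKeyUsage) *x509.Certificate {
		key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(serial),
			Subject:      pkix.Name{CommonName: host},
			DNSNames:     []string{host},
			NotBefore:    now.Add(-time.Hour),
			NotAfter:     now.Add(24 * time.Hour),
			KeyUsage:     x509.KeyUsageDigitalSignature,
			ExtKeyUsage:  []x509.ExtKeyUsage{eku},
		}
		return mustCert(tmpl, caCert, &key.PublicKey, caKey)
	}

	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &testPKI{
		Roots:      roots,
		DeviceCert: leaf(2, x509.ExtKeyUsageServerAuth),
		ClientCert: leaf(3, x509.ExtKeyUsageClientAuth),
	}
}

// verifyServerCert chains cert to roots and checks the host name. With
// checkEKU=false any extended key usage is accepted (the flawed behaviour);
// with checkEKU=true the leaf must additionally permit serverAuth.
func verifyServerCert(cert *x509.Certificate, roots *x509.CertPool, host string, checkEKU bool) error {
	opts := x509.VerifyOptions{Roots: roots, DNSName: host}
	if checkEKU {
		opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	} else {
		opts.KeyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageAny} // skips the EKU check entirely
	}
	_, err := cert.Verify(opts)
	return err
}

// isIncompatibleUsage reports whether err is specifically an EKU rejection.
func isIncompatibleUsage(err error) bool {
	var cie x509.CertificateInvalidError
	return errors.As(err, &cie) && cie.Reason == x509.IncompatibleUsage
}

func main() {
	const host = "device-01.example"
	pki := buildPKI(host)
	for _, c := range []struct {
		name string
		cert *x509.Certificate
	}{{"device (serverAuth)", pki.DeviceCert}, {"attacker (clientAuth)", pki.ClientCert}} {
		fmt.Printf("%-22s flawed: %v | fixed: %v\n", c.name,
			verifyServerCert(c.cert, pki.Roots, host, false),
			verifyServerCert(c.cert, pki.Roots, host, true))
	}
}
```

Go's crypto/x509 already defaults VerifyOptions.KeyUsages to serverAuth, so the flaw is reproduced here only by passing ExtKeyUsageAny explicitly; the point carries over to any TLS stack, where the client must require the id-kp-serverAuth purpose (1.3.6.1.5.5.7.3.1, or anyExtendedKeyUsage) in the leaf certificate. A leaf without an EKU extension is unrestricted under RFC 5280 and is accepted by this verifier, so a deployment that wants to insist on an explicit serverAuth EKU needs its own additional check.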
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper certificate validation (CWE-295) during TLS/HTTPS connection setup lets an on-path attacker present a certificate that was never issued for server authentication, which is exactly the precondition for Adversary-in-the-Middle (T1557) between the client and the device.
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely remediation of identified flaws, directly addressing this CVE by updating SICAM TOOLBOX II to V07.11 or later, where the certificate validation is corrected.
SC-17 requires PKI certificates to be issued and managed under an approved certificate policy; enforcing the attributes that policy assigns, such as the extended key usage, at the relying party is what prevents the MitM enabled by the missing EKU check.
SC-23 provides mechanisms to protect communication session authenticity, mitigating the risk of MitM exploitation resulting from flawed TLS certificate validation.