Cyber Resilience

CVE-2024-31853

High

Published: 08 July 2025

Modified: 20 August 2025
CVSS Score v4 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0013 31.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-31853 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Siemens SICAM TOOLBOX II. Its CVSS v4 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 31.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-31853, published on 2025-07-08, is a vulnerability in SICAM TOOLBOX II affecting all versions prior to V07.11. The flaw arises during the establishment of an HTTPS connection to the TLS server of a managed device, where the application fails to validate the extended key usage attribute of the device's certificate. This improper certificate validation, classified under CWE-295, has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker capable of positioning themselves on the network path between SICAM TOOLBOX II and the managed device's TLS server can exploit this vulnerability to conduct a man-in-the-middle (MitM) attack. No user privileges or interaction are required, though the attack demands high complexity due to the need for on-path network access. Successful exploitation could result in high impacts to confidentiality, integrity, and availability, such as intercepting, modifying, or disrupting communications.

Siemens has published security advisory SSA-183963 at https://cert-portal.siemens.com/productcert/html/ssa-183963.html, which details mitigation strategies and available patches for affected systems.
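The missing check described above, as an added Go example that is not Siemens code and not taken from the advisory: it validates a constructed self-signed test certificate once while ignoring extended key usage and once while requiring the TLS server-authentication usage. The host name `device.example` and the helper names `makeDeviceCert` and `verifyDevice` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// makeDeviceCert builds a constructed, self-signed test certificate whose only
// extended key usage is eku (hypothetical helper, not a real device certificate).
func makeDeviceCert(eku x509.ExtKeyUsage) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "device.example"},
		DNSNames:     []string{"device.example"}, // placeholder host name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// verifyDevice trusts cert as its own root and checks name, validity period and
// the required usage; passing x509.ExtKeyUsageAny skips the EKU check entirely.
func verifyDevice(cert *x509.Certificate, usage x509.ExtKeyUsage) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: "device.example", KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func main() {
	c := makeDeviceCert(x509.ExtKeyUsageClientAuth) // issued for client auth only
	fmt.Println("EKU ignored:", verifyDevice(c, x509.ExtKeyUsageAny), "| serverAuth required:", verifyDevice(c, x509.ExtKeyUsageServerAuth))
}
```

A certificate issued only for client authentication passes the first call and is rejected by the second, which is the difference between the lax and the strict validation path.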


Vulnerability details

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to execute an on-path network (MitM) attack.


Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Improper certificate validation (CWE-295) during TLS/HTTPS connection setup directly enables MitM attacks on the network path between client and device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-31854 · Same product: Siemens SICAM TOOLBOX II
CVE-2024-47258 · Shared CWE-295
CVE-2026-32627 · Shared CWE-295
CVE-2024-55581 · Shared CWE-295
CVE-2025-11043 · Shared CWE-295
CVE-2024-50691 · Shared CWE-295
CVE-2024-29171 · Shared CWE-295
CVE-2025-9293 · Shared CWE-295
CVE-2025-0500 · Shared CWE-295
CVE-2025-66001 · Shared CWE-295

Affected Assets

siemens
sicam toolbox ii
≤ 07.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires timely remediation of identified flaws, directly addressing this CVE by applying the vendor patch V07.11 that fixes the improper certificate validation.

prevent

SC-17 mandates validation of PKI certificates including extended key usage attributes, preventing MitM attacks enabled by the failure to check this certificate attribute.

prevent

SC-23 provides mechanisms to protect communication session authenticity, mitigating the risk of MitM exploitation resulting from flawed TLS certificate validation.
