Cyber Resilience

CVE-2024-31854

High

Published: 08 July 2025

Modified: 20 August 2025
CVSS Score v4: 7.7 (CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0013 (31.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-31854 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Siemens SICAM TOOLBOX II. Its CVSS v4 base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 31.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-23 (Session Authenticity).

Deeper analysis

CVE-2024-31854 is a vulnerability in SICAM TOOLBOX II, affecting all versions prior to V07.11. The issue arises during the establishment of an HTTPS connection to the TLS server of a managed device, where the application fails to validate the device's certificate common name against an expected value. This flaw, classified under CWE-295 (Improper Certificate Validation), has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-07-08.

An attacker positioned on the network path between the SICAM TOOLBOX II application and the managed device can exploit this vulnerability to perform a man-in-the-middle (MitM) attack. No privileges or user interaction are required, but attack complexity is high because the attacker must hold an on-path position. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, such as intercepting, modifying, or disrupting sensitive communications.
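The check whose absence is described above, as an added Python example (it is not Siemens code and does not come from the advisory). It compares the names in a peer certificate, in the dict layout returned by `ssl.SSLSocket.getpeercert()`, against the device name the client intended to reach. The device names and the helpers `check_device_identity` and `client_context` are hypothetical, and the check assumes the certificate chain has already been verified.

```python
import ssl

class DeviceIdentityError(Exception):
    """Peer certificate does not assert the expected device name."""

def asserted_names(cert):
    """Names a certificate asserts, from the dict ssl.SSLSocket.getpeercert() returns.

    SAN dNSName entries win; subject commonName is used only when there are none.
    """
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for key, v in rdn if key == "commonName"]

def check_device_identity(cert, expected_name):
    """Raise unless the certificate names exactly the device we meant to reach.

    Exact, case-insensitive match only: wildcards are deliberately not accepted
    here (a choice made for this example).
    """
    want = expected_name.lower().rstrip(".")
    names = [n.lower().rstrip(".") for n in asserted_names(cert or {})]
    if want not in names:
        raise DeviceIdentityError(f"expected {expected_name!r}, certificate asserts {names!r}")
    return True

def client_context(cafile=None):
    """Client context that verifies the chain AND the name passed as server_hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True          # already the default; stated explicitly
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

# Constructed sample certificates (hypothetical names, not from the advisory).
DEVICE_CERT = {"subject": ((("commonName", "rtu-01.plant.example"),),)}
OTHER_CERT = {"subject": ((("commonName", "rtu-99.plant.example"),),),
              "subjectAltName": (("DNS", "rtu-99.plant.example"),)}

def accepts(cert, expected_name):
    """True if the certificate passes the identity check, False otherwise."""
    try:
        return check_device_identity(cert, expected_name)
    except DeviceIdentityError:
        return False

if __name__ == "__main__":
    print(accepts(DEVICE_CERT, "rtu-01.plant.example"))
    print(accepts(OTHER_CERT, "rtu-01.plant.example"))
```

`OTHER_CERT` stands for a certificate that chains to a trusted CA but was issued for a different device, which is the case a client accepts when it skips the name comparison.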

Siemens has published security advisory SSA-183963 at https://cert-portal.siemens.com/productcert/html/ssa-183963.html, which provides details on the vulnerability and recommended mitigations for affected systems.

Vulnerability details

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as Network Sniffing…
Why these techniques?

Improper certificate validation (CWE-295) directly enables MitM attacks on TLS connections as described.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-31853: Same product: Siemens SICAM TOOLBOX II
CVE-2024-47258: Shared CWE-295
CVE-2026-32627: Shared CWE-295
CVE-2024-55581: Shared CWE-295
CVE-2025-11043: Shared CWE-295
CVE-2024-50691: Shared CWE-295
CVE-2024-29171: Shared CWE-295
CVE-2025-9293: Shared CWE-295
CVE-2025-0500: Shared CWE-295
CVE-2025-66001: Shared CWE-295

Affected Assets

siemens
sicam toolbox ii
≤ 07.11

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly requires validation of PKI certificates including certification path construction and status checks, addressing the failure to verify the certificate common name against expected values to prevent MitM attacks.

prevent

Mandates mechanisms to protect the authenticity of communications sessions, ensuring HTTPS connections are established only with legitimate managed devices and thwarting on-path MitM exploitation.

prevent

Requires cryptographic protection for transmission confidentiality and integrity using approved mechanisms, mitigating MitM impacts though not fully specifying certificate common name validation.
