CVE-2024-31854
Published: 08 July 2025
Summary
CVE-2024-31854 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Siemens SICAM TOOLBOX II. Its base score is given as 7.7 (High) in this summary; the CVSS v3.1 vector cited in the deeper analysis below scores 8.1.
Operationally, exploitation maps to the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 31.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations identified in the analysis are NIST 800-53 SC-17 (Public Key Infrastructure Certificates) and SC-23 (Session Authenticity).
Deeper analysis
CVE-2024-31854 affects SICAM TOOLBOX II, all versions prior to V07.11. When the application establishes an HTTPS connection to the TLS server of a managed device, it does not compare the common name in the device's certificate with the name it expects for that device, so a certificate issued for some other name is not rejected on that basis. The flaw is classified as CWE-295 (Improper Certificate Validation), has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), and was published on 2025-07-08.
An attacker positioned on the network path between SICAM TOOLBOX II and the managed device can present a certificate for a different name, terminate the TLS session on their own host, and relay traffic to the real device (an on-path or man-in-the-middle attack). No privileges or user interaction are required; the attack complexity is rated high because the attacker must first obtain an on-path position. Successful exploitation has high impact on confidentiality, integrity, and availability: the attacker can read, modify, or disrupt the communications between the tool and the device. Network segmentation reduces an attacker's chances of getting on-path but does not restore the missing check in the client.
Siemens has published security advisory SSA-183963 at https://cert-portal.siemens.com/productcert/html/ssa-183963.html, which describes the vulnerability and the recommended mitigations for affected systems. Because every version prior to V07.11 is affected, updating to V07.11 or later is the fix.
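The following Python is an added illustration of the CWE-295 pattern described above; it is not Siemens code and is not taken from SSA-183963. It shows the vulnerable acceptance rule beside the hardened one (SAN-first, CN-fallback name matching with RFC 6125 wildcard rules), and the equivalent ssl.SSLContext settings for a client that talks to managed devices. The host names, certificate dictionaries (in the shape returned by ssl.SSLSocket.getpeercert()) and the CA bundle path are all constructed for the example.

```python
"""Certificate name checking in a TLS client, added to illustrate CWE-295.

Added example, not Siemens code and not taken from SSA-183963. It models the
pattern described for CVE-2024-31854: the client finishes the TLS handshake
but never compares the presented certificate's name with the device it meant
to reach. All host names and certificates below are constructed.
"""
import ssl

# Peer certificates in the dict shape returned by ssl.SSLSocket.getpeercert().
# Constructed for this example; the host names are hypothetical.
CERT_RTU_01 = {
    "subject": ((("commonName", "rtu-01.substation.example"),),),
    "subjectAltName": (("DNS", "rtu-01.substation.example"),),
}
CERT_ATTACKER = {
    # Assume this chains to a CA the client trusts, but names another host.
    "subject": ((("commonName", "attacker.example"),),),
    "subjectAltName": (("DNS", "attacker.example"),),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.substation.example"),),),
    "subjectAltName": (("DNS", "*.substation.example"),),
}
CERT_CN_ONLY = {  # legacy device certificate with no SAN extension
    "subject": ((("commonName", "rtu-07.substation.example"),),),
}


def dns_identities(cert):
    """DNS names a certificate claims: SAN dNSName entries, or the subject CN
    only when no SAN is present (the RFC 6125 fallback order)."""
    sans = [v for typ, v in cert.get("subjectAltName", ()) if typ == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, trailing dot ignored, a
    wildcard only as the whole left-most label matching exactly one label,
    and only when at least two labels follow it ('*.example' never matches)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or len(p) < 3 or len(p) != len(h):
        return False
    return p[1:] == h[1:]


def vulnerable_accept(cert, expected_host):
    """Before (the CWE-295 pattern): the TLS stack verified the chain and the
    application stops there, so any trusted certificate passes regardless of
    the name it carries."""
    return True


def hardened_accept(cert, expected_host):
    """After: the certificate must carry the name configured for this device."""
    return any(name_matches(name, expected_host) for name in dns_identities(cert))


def vulnerable_device_context():
    """SSLContext equivalent of the flaw: chain verification stays on, but the
    hostname check is switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # the missing check
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def hardened_device_context(ca_bundle_path=None):
    """SSLContext for connecting to managed devices: TLS 1.2 or later, a chain
    to the device-management CA (the bundle path is hypothetical) and the
    hostname check, which covers SAN and CN matching in the stdlib."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if ca_bundle_path:
        ctx.load_verify_locations(cafile=ca_bundle_path)
    return ctx


def enforces_peer_identity(ctx):
    """True when a context both verifies the chain and checks the hostname."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED
```

With the hardened context, the name to enforce is passed at connection time, for example ctx.wrap_socket(sock, server_hostname="rtu-01.substation.example"); the stdlib then performs the SAN/CN comparison itself. hardened_accept is the application-level equivalent for TLS stacks that hand back a parsed certificate and leave identity matching to the caller, which is exactly the step the vulnerable client skipped.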
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-29724
Vulnerability details
A vulnerability has been identified in SICAM TOOLBOX II (all versions < V07.11). During establishment of an HTTPS connection to the TLS server of a managed device, the affected application does not check the device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack.
- CWE(s): CWE-295 (Improper Certificate Validation)
Related Threats
MITRE ATT&CK Enterprise Techniques
- Adversary-in-the-Middle (T1557)
Why these techniques?
Improper certificate validation (CWE-295) is the precondition for an adversary-in-the-middle attack on a TLS connection: without a name check, the client cannot tell the intended device apart from an on-path attacker presenting a different certificate.
Affected Assets
- Siemens SICAM TOOLBOX II, all versions < V07.11
Mitigating Controls (NIST 800-53 r5)
- SC-17 (Public Key Infrastructure Certificates): requires validation of PKI certificates, including certification path construction and status checks; it addresses the missing comparison of the certificate common name with the expected value, although the name check itself is something the connecting application has to perform.
- SC-23 (Session Authenticity): mandates mechanisms that protect the authenticity of communication sessions, so that HTTPS sessions are established only with the legitimate managed device and an on-path attacker cannot substitute their own endpoint.
- Transmission confidentiality and integrity: requires cryptographic protection of transmitted data using approved mechanisms, which limits what an on-path attacker can read or alter but does not by itself specify checking the certificate name.