The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which may allow a man-in-the-middle attack to obtain plaintext HTTP headers.
Long-duration TLS sessions used with a 64-bit block cipher may allow remote attackers to obtain cleartext data.
Outdated versions of TLS and DTLS allow statistical analysis of timing data for crafted packets, which may allow remote attackers to conduct distinguishing and plaintext-recovery attacks.
Improper Input Validation
Siemens recommends users upgrade to Version 3.2.1 or newer for both affected products.