All the vulnerabilites related to Siemens - SCALANCE S602
cve-2019-6585
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf | x_refsource_CONFIRM | |
https://www.us-cert.gov/ics/advisories/icsa-20-042-10 | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SCALANCE S602 |
Version: All versions >= V3.0 and < V4.1 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:22.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SCALANCE S602", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S612", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S623", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S627-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-22T20:42:19", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-6585", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SCALANCE S602", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S612", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S623", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S627-2M", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-6585", "datePublished": "2020-03-10T19:16:17", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13925
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf | x_refsource_CONFIRM | |
https://www.us-cert.gov/ics/advisories/icsa-20-042-10 | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SCALANCE S602 |
Version: All versions >= V3.0 and < V4.1 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.784Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SCALANCE S602", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S612", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S623", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S627-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-22T20:42:18", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13925", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SCALANCE S602", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S612", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S623", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S627-2M", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13925", "datePublished": "2020-02-11T15:36:10", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.784Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13926
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf | x_refsource_CONFIRM | |
https://www.us-cert.gov/ics/advisories/icsa-20-042-10 | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SCALANCE S602 |
Version: All versions >= V3.0 and < V4.1 |
||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SCALANCE S602", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S612", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S623", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] }, { "product": "SCALANCE S627-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V3.0 and \u003c V4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-22T20:42:18", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13926", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SCALANCE S602", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S612", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S623", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } }, { "product_name": "SCALANCE S627-2M", "version": { "version_data": [ { "version_value": "All versions \u003e= V3.0 and \u003c V4.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13926", "datePublished": "2020-02-11T15:36:10", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13924
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SCALANCE S602 |
Version: All versions < V4.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.919Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SCALANCE S602", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE S612", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE S623", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE S627-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 5.2.4" } ] }, { "product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.5.0" } ] }, { "product": "SCALANCE X-200RNA switch family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.7" } ] }, { "product": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c 4.1.3" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-13T00:00:00", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf" }, { "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13924", "datePublished": "2020-02-11T00:00:00", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.919Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201812-0390
Vulnerability from variot
A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SiemensSCALANCES602 and other Siemens are the Ethernet security modules of Siemens. A cross-site scripting vulnerability exists in several Siemens products that can be exploited by a remote attacker to inject arbitrary scripts with malicious links. Siemens SCALANCE S is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The following products are affected: Siemens SCALANCE S602 versions prior to v4.0.1.1 Siemens SCALANCE S612 versions prior to v4.0.1.1 Siemens SCALANCE S623 versions prior to v4.0.1.1 Siemens SCALANCE S627-2M versions prior to v4.0.1.1
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0390", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance s623", "scope": "lt", "trust": 2.4, "vendor": "siemens", "version": "4.0.1.1" }, { "model": "scalance s612", "scope": "lt", "trust": 2.4, "vendor": "siemens", "version": "4.0.1.1" }, { "model": "scalance s627-2m", "scope": "lt", "trust": 2.4, "vendor": "siemens", "version": "4.0.1.1" }, { "model": "scalance s602", "scope": "lt", "trust": 1.4, "vendor": "siemens", "version": "4.0.1.1" }, { "model": "scalance s602", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "v4.0.1.1" }, { "model": "scalance s627-2m", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.0" }, { "model": "scalance s623", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.0" }, { "model": "scalance s612", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.0" }, { "model": "scalance s602", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.0" }, { "model": "scalance s627-2m", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.0.1.1" }, { "model": "scalance s623", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.0.1.1" }, { "model": "scalance s612", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.0.1.1" }, { "model": "scalance s602", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.0.1.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25913" }, { "db": "BID", "id": "105937" }, { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "NVD", "id": "CVE-2018-16555" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:scalance_s602_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s612_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s623_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s627-2m_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014529" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nelson Berg of Applied Risk", "sources": [ { "db": "BID", "id": "105937" } ], "trust": 0.3 }, "cve": "CVE-2018-16555", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "CVE-2018-16555", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 4.9, "id": "CNVD-2018-25913", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.3, "id": "CVE-2018-16555", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.8, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-16555", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2018-16555", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2018-25913", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201811-487", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25913" }, { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "CNNVD", "id": "CNNVD-201811-487" }, { "db": "NVD", "id": "CVE-2018-16555" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.0.1.1), SCALANCE S612 (All versions \u003c V4.0.1.1), SCALANCE S623 (All versions \u003c V4.0.1.1), SCALANCE S627-2M (All versions \u003c V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SiemensSCALANCES602 and other Siemens are the Ethernet security modules of Siemens. A cross-site scripting vulnerability exists in several Siemens products that can be exploited by a remote attacker to inject arbitrary scripts with malicious links. Siemens SCALANCE S is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nThe following products are affected:\nSiemens SCALANCE S602 versions prior to v4.0.1.1\nSiemens SCALANCE S612 versions prior to v4.0.1.1\nSiemens SCALANCE S623 versions prior to v4.0.1.1\nSiemens SCALANCE S627-2M versions prior to v4.0.1.1", "sources": [ { "db": "NVD", "id": "CVE-2018-16555" }, { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "CNVD", "id": "CNVD-2018-25913" }, { "db": "BID", "id": "105937" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-16555", "trust": 3.3 }, { "db": "BID", "id": "105937", "trust": 1.9 }, { "db": "ICS CERT", "id": "ICSA-18-317-04", "trust": 1.7 }, { "db": "SIEMENS", "id": "SSA-242982", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2018-014529", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2018-25913", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201811-487", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25913" }, { "db": "BID", "id": "105937" }, { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "CNNVD", "id": "CNNVD-201811-487" }, { "db": "NVD", "id": "CVE-2018-16555" } ] }, "id": "VAR-201812-0390", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2018-25913" } ], "trust": 1.2666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25913" } ] }, "last_update_date": "2024-11-23T22:55:41.464000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-242982", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf" }, { "title": "Patches for multiple Siemens product cross-site scripting vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/147645" }, { "title": "Multiple Siemens Fixes for product cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86888" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25913" }, { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "CNNVD", "id": "CNNVD-201811-487" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 }, { "problemtype": "CWE-80", "trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "NVD", "id": "CVE-2018-16555" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-317-04" }, { "trust": 1.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242982.pdf" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/105937" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16555" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16555" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-25913" }, { "db": "BID", "id": "105937" }, { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "CNNVD", "id": "CNNVD-201811-487" }, { "db": "NVD", "id": "CVE-2018-16555" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2018-25913" }, { "db": "BID", "id": "105937" }, { "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "db": "CNNVD", "id": "CNNVD-201811-487" }, { "db": "NVD", "id": "CVE-2018-16555" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-20T00:00:00", "db": "CNVD", "id": "CNVD-2018-25913" }, { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105937" }, { "date": "2019-03-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "date": "2018-11-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-487" }, { "date": "2018-12-13T16:29:00.460000", "db": "NVD", "id": "CVE-2018-16555" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-20T00:00:00", "db": "CNVD", "id": "CNVD-2018-25913" }, { "date": "2018-11-13T00:00:00", "db": "BID", "id": "105937" }, { "date": "2019-03-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-014529" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-487" }, { "date": "2024-11-21T03:52:58.247000", "db": "NVD", "id": "CVE-2018-16555" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-487" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SCALANCE Product cross-site scripting vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-014529" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-487" } ], "trust": 0.6 } }
var-202002-0451
Vulnerability from variot
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. plural SCALANCE The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Siemens SCALANCE S-600 Firewall is an industrial firewall device.
There is a security vulnerability in port 443 of the Siemens SCALANCE S-600 Firewall WEB server, allowing remote attackers to use the vulnerability to submit special requests for denial of service attacks
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0451", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance s623", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s612", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s602", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s623", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s612", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s602", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s602", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s612", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s623", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s623", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s612", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s602", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s602", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s612", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s623", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s627 2m", "version": "*" } ], "sources": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNVD", "id": "CNVD-2020-12677" }, { "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "db": "NVD", "id": "CVE-2019-13925" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:scalance_s602_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s612_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s623_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s627-2m_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014545" } ] }, "cve": "CVE-2019-13925", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-13925", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014545", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-12677", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "df09f765-433c-4b5f-95c5-2fa30ad23913", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-13925", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014545", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13925", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2019-014545", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-12677", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202002-450", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNVD", "id": "CNVD-2020-12677" }, { "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "db": "CNNVD", "id": "CNNVD-202002-450" }, { "db": "NVD", "id": "CVE-2019-13925" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. plural SCALANCE The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. Siemens SCALANCE S-600 Firewall is an industrial firewall device. \n\r\n\r\nThere is a security vulnerability in port 443 of the Siemens SCALANCE S-600 Firewall WEB server, allowing remote attackers to use the vulnerability to submit special requests for denial of service attacks", "sources": [ { "db": "NVD", "id": "CVE-2019-13925" }, { "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "db": "CNVD", "id": "CNVD-2020-12677" }, { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13925", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-20-042-10", "trust": 3.0 }, { "db": "SIEMENS", "id": "SSA-591405", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2020-12677", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202002-450", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-014545", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.0486", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.2", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-09", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-05", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-08", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-01", "trust": 0.6 }, { "db": "IVD", "id": "DF09F765-433C-4B5F-95C5-2FA30AD23913", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNVD", "id": "CNVD-2020-12677" }, { "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "db": "CNNVD", "id": "CNNVD-202002-450" }, { "db": "NVD", "id": "CVE-2019-13925" } ] }, "id": "VAR-202002-0451", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNVD", "id": "CNVD-2020-12677" } ], "trust": 1.4666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNVD", "id": "CNVD-2020-12677" } ] }, "last_update_date": "2024-11-23T19:58:17.464000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-591405", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "title": "Patch for Siemens SCALANCE S-600 Firewall Web Server Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/202419" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-12677" }, { "db": "JVNDB", "id": "JVNDB-2019-014545" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "db": "NVD", "id": "CVE-2019-13925" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13925" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13925" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-10" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-12677" }, { "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "db": "CNNVD", "id": "CNNVD-202002-450" }, { "db": "NVD", "id": "CVE-2019-13925" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNVD", "id": "CNVD-2020-12677" }, { "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "db": "CNNVD", "id": "CNNVD-202002-450" }, { "db": "NVD", "id": "CVE-2019-13925" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-11T00:00:00", "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "date": "2020-02-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-12677" }, { "date": "2020-02-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "date": "2020-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-450" }, { "date": "2020-02-11T16:15:14.587000", "db": "NVD", "id": "CVE-2019-13925" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-21T00:00:00", "db": "CNVD", "id": "CNVD-2020-12677" }, { "date": "2020-02-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014545" }, { "date": "2021-04-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-450" }, { "date": "2024-11-21T04:25:42.677000", "db": "NVD", "id": "CVE-2019-13925" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-450" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SCALANCE S-600 Firewall WEB Server Denial of Service Vulnerability", "sources": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNVD", "id": "CNVD-2020-12677" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "df09f765-433c-4b5f-95c5-2fa30ad23913" }, { "db": "CNNVD", "id": "CNNVD-202002-450" } ], "trust": 0.8 } }
var-201911-1095
Vulnerability from variot
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks.
There is a denial of service vulnerability in the SIEMENS SCALAN CES-600 family. An attacker could use the vulnerability to send packets to the affected device's 443 / tcp port, resulting in a denial of service situation
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201911-1095", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "windows server 2012", "scope": "eq", "trust": 1.8, "vendor": "microsoft", "version": "r2" }, { "model": "windows 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2012", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows rt 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 10", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows 8.1", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for 32-bit systems" }, { "model": "windows 8.1", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "for x64-based systems" }, { "model": "windows rt 8.1", "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "none" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "(server core installation)" }, { "model": "windows server 2012", "scope": "eq", "trust": 0.8, "vendor": "microsoft", "version": "r2 (server core installation)" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s623", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s612", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s602", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04717" }, { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "NVD", "id": "CVE-2019-1392" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:microsoft:windows_10", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_8.1", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_rt_8.1", "vulnerable": true }, { "cpe22Uri": "cpe:/o:microsoft:windows_server_2012", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-011780" } ] }, "cve": "CVE-2019-1392", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.9, "id": "CVE-2019-1392", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-04717", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2019-1392", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-1392", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-1392", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-1392", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-04717", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201911-566", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04717" }, { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "CNNVD", "id": "CNNVD-201911-566" }, { "db": "NVD", "id": "CVE-2019-1392" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \u0027Windows Kernel Elevation of Privilege Vulnerability\u0027. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. \n\r\n\r\nThere is a denial of service vulnerability in the SIEMENS SCALAN CES-600 family. An attacker could use the vulnerability to send packets to the affected device\u0027s 443 / tcp port, resulting in a denial of service situation", "sources": [ { "db": "NVD", "id": "CVE-2019-1392" }, { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "CNVD", "id": "CNVD-2020-04717" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-1392", "trust": 3.0 }, { "db": "JVNDB", "id": "JVNDB-2019-011780", "trust": 0.8 }, { "db": "SIEMENS", "id": "SSA-591405", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2020-04717", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201911-566", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04717" }, { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "CNNVD", "id": "CNNVD-201911-566" }, { "db": "NVD", "id": "CVE-2019-1392" } ] }, "id": "VAR-201911-1095", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-04717" } ], "trust": 1.2666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04717" } ] }, "last_update_date": "2024-11-23T20:45:54.153000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "CVE-2019-1392 | Windows Kernel Elevation of Privilege Vulnerability", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1392" }, { "title": "CVE-2019-1392 | Windows \u30ab\u30fc\u30cd\u30eb\u306e\u7279\u6a29\u306e\u6607\u683c\u306e\u8106\u5f31\u6027", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/CVE-2019-1392" }, { "title": "Patch for SIEMENS SCALAN CES-600 family denial of service vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/200135" }, { "title": "Microsoft Windows Kernel Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102904" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04717" }, { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "CNNVD", "id": "CNNVD-201911-566" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-269", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "NVD", "id": "CVE-2019-1392" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-1392" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1392" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1392" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20191113-ms.html" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2019/at190042.html" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "trust": 0.6, "url": "https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-1392" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/microsoft-windows-vulnerabilities-of-november-2019-30842" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04717" }, { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "CNNVD", "id": "CNNVD-201911-566" }, { "db": "NVD", "id": "CVE-2019-1392" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-04717" }, { "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "db": "CNNVD", "id": "CNNVD-201911-566" }, { "db": "NVD", "id": "CVE-2019-1392" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-04717" }, { "date": "2019-11-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "date": "2019-11-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-566" }, { "date": "2019-11-12T19:15:12.833000", "db": "NVD", "id": "CVE-2019-1392" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-04717" }, { "date": "2019-11-18T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-011780" }, { "date": "2020-08-25T00:00:00", "db": "CNNVD", "id": "CNNVD-201911-566" }, { "date": "2024-11-21T04:36:37.067000", "db": "NVD", "id": "CVE-2019-1392" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-566" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Microsoft Windows Vulnerability with elevated privileges in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-011780" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201911-566" } ], "trust": 0.6 } }
var-202003-0596
Vulnerability from variot
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and tampered with. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks.
A cross-site scripting vulnerability exists in the SIEMENS SCALAN CES-600 family. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202003-0596", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance s623", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s612", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s602", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s623", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s612", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s602", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s602", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s612", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s623", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s623", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s612", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s602", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s602", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s612", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s623", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s627 2m", "version": "*" } ], "sources": [ { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "db": "CNVD", "id": "CNVD-2020-04716" }, { "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "db": "NVD", "id": "CVE-2019-6585" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:scalance_s602_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s612_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s623_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s627-2m_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014891" } ] }, "cve": "CVE-2019-6585", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2019-6585", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014891", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CNVD-2020-04716", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "83495263-4555-4833-b119-9abb9baab19d", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "id": "CVE-2019-6585", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2019-014891", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6585", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2019-014891", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-04716", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202002-591", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d", "trust": 0.2, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "db": "CNVD", "id": "CNVD-2020-04716" }, { "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "db": "CNNVD", "id": "CNNVD-202002-591" }, { "db": "NVD", "id": "CVE-2019-6585" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). The integrated configuration web server of the affected devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. plural SCALANCE The product contains a cross-site scripting vulnerability.Information may be obtained and tampered with. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. \n\r\n\r\nA cross-site scripting vulnerability exists in the SIEMENS SCALAN CES-600 family. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it", "sources": [ { "db": "NVD", "id": "CVE-2019-6585" }, { "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "db": "CNVD", "id": "CNVD-2020-04716" }, { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6585", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-20-042-10", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-591405", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2020-04716", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202002-591", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-014891", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.0486", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.2", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-09", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-05", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-08", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-01", "trust": 0.6 }, { "db": "IVD", "id": "83495263-4555-4833-B119-9ABB9BAAB19D", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "db": "CNVD", "id": "CNVD-2020-04716" }, { "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "db": "CNNVD", "id": "CNNVD-202002-591" }, { "db": "NVD", "id": "CVE-2019-6585" } ] }, "id": "VAR-202003-0596", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "db": "CNVD", "id": "CNVD-2020-04716" } ], "trust": 1.4666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "db": "CNVD", "id": "CNVD-2020-04716" } ] }, "last_update_date": "2024-11-23T21:02:28.827000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-591405", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "title": "Patch for SIEMENS SCALAN CES-600 family cross-site scripting vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/200129" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04716" }, { "db": "JVNDB", "id": "JVNDB-2019-014891" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.8 }, { "problemtype": "CWE-80", "trust": 1.0 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "db": "NVD", "id": "CVE-2019-6585" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6585" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6585" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-10" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04716" }, { "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "db": "CNNVD", "id": "CNNVD-202002-591" }, { "db": "NVD", "id": "CVE-2019-6585" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "db": "CNVD", "id": "CNVD-2020-04716" }, { "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "db": "CNNVD", "id": "CNNVD-202002-591" }, { "db": "NVD", "id": "CVE-2019-6585" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-11T00:00:00", "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "date": "2020-02-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-04716" }, { "date": "2020-03-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "date": "2020-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-591" }, { "date": "2020-03-10T20:15:20.257000", "db": "NVD", "id": "CVE-2019-6585" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-04716" }, { "date": "2020-03-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014891" }, { "date": "2021-04-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-591" }, { "date": "2024-11-21T04:46:45.233000", "db": "NVD", "id": "CVE-2019-6585" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-591" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SIEMENS SCALAN CES-600 family Cross-Site Scripting Vulnerability", "sources": [ { "db": "IVD", "id": "83495263-4555-4833-b119-9abb9baab19d" }, { "db": "CNVD", "id": "CNVD-2020-04716" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-591" } ], "trust": 0.6 } }
var-201204-0125
Vulnerability from variot
Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The WEB configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay on the failed login, allowing the attacker to detect a large number of passwords in a short period of time and perform brute force attacks. The following devices are affected by this vulnerability: * Scalance S602 V2 Scalance S612 V2 Scalance S613 V2. The Profinet DCP protocol handles errors that can make the firewall unresponsive or interrupt an established VPN tunnel through a specially crafted DCP frame. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness. Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. Profinet DCP There was an error in the protocol processing. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID: SA48680
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48680/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48680
RELEASE DATE: 2012-04-06
DISCUSS ADVISORY: http://secunia.com/advisories/48680/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48680/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48680
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability and a weakness have been reported in Siemens Scalance Firewall, which can be exploited by malicious people to conduct brute-force attacks or cause a DoS (Denial of Service).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State University.
ORIGINAL ADVISORY: Siemens SSA-268149: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0125", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance s602", "scope": "eq", "trust": 2.0, "vendor": "siemens", "version": "v2" }, { "model": "scalance s612", "scope": "eq", "trust": 2.0, "vendor": "siemens", "version": "v2" }, { "model": "scalance s613", "scope": "eq", "trust": 2.0, "vendor": "siemens", "version": "v2" }, { "model": "scalance s", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "2.2.0" }, { "model": "scalance s", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "2.1.0" }, { "model": "scalance firewall s613", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "v2" }, { "model": "scalance firewall s612", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "v2" }, { "model": "scalance firewall s602", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "v2" }, { "model": "scalance s security modules", "scope": null, "trust": 1.2, "vendor": "siemens", "version": null }, { "model": "scalance s", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "scalance s", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "2.3.0" }, { "model": "scalance s", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "2.3.0.3" }, { "model": "scalance s security modules null", "scope": "eq", "trust": 0.4, "vendor": "siemens", "version": "*" }, { "model": "scalance s602", "scope": "eq", "trust": 0.2, "vendor": "siemens", "version": "v2\u003c2.3.0.3" }, { "model": "scalance s612", "scope": "eq", "trust": 0.2, "vendor": "siemens", "version": "v2\u003c2.3.0.3" }, { "model": "scalance s613", "scope": "eq", "trust": 0.2, "vendor": "siemens", "version": "v2\u003c2.3.0.3" } ], "sources": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "CNNVD", "id": "CNNVD-201204-415" }, { "db": "NVD", "id": "CVE-2012-1800" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:siemens:scalance_s_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:scalance_s602", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:scalance_s612", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:scalance_s613", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002097" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adam Hahn and Manimaran Govindarasu of Iowa State University", "sources": [ { "db": "BID", "id": "52923" } ], "trust": 0.3 }, "cve": "CVE-2012-1800", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CVE-2012-1800", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2012-9499", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "f0a992b0-2353-11e6-abef-000c29c66e3d", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": null, "accessVector": null, "authentication": null, "author": "IVD", "availabilityImpact": null, "baseScore": null, "confidentialityImpact": null, "exploitabilityScore": null, "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d", "impactScore": null, "integrityImpact": null, "severity": null, "trust": 0.2, "vectorString": null, "version": "unknown" }, { "accessComplexity": null, "accessVector": null, "authentication": null, "author": "IVD", "availabilityImpact": null, "baseScore": null, "confidentialityImpact": null, "exploitabilityScore": null, "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d", "impactScore": null, "integrityImpact": null, "severity": null, "trust": 0.2, "vectorString": null, "version": "unknown" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "VHN-55081", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-1800", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2012-1800", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2012-9499", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201204-415", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-55081", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55081" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "CNNVD", "id": "CNNVD-201204-415" }, { "db": "NVD", "id": "CVE-2012-1800" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The WEB configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay on the failed login, allowing the attacker to detect a large number of passwords in a short period of time and perform brute force attacks. The following devices are affected by this vulnerability: * Scalance S602 V2* Scalance S612 V2* Scalance S613 V2. The Profinet DCP protocol handles errors that can make the firewall unresponsive or interrupt an established VPN tunnel through a specially crafted DCP frame. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness. \nAttackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. Profinet DCP There was an error in the protocol processing. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens Scalance Firewall Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48680\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48680/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48680\n\nRELEASE DATE:\n2012-04-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48680/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48680/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48680\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability and a weakness have been reported in Siemens Scalance\nFirewall, which can be exploited by malicious people to conduct\nbrute-force attacks or cause a DoS (Denial of Service). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State\nUniversity. \n\nORIGINAL ADVISORY:\nSiemens SSA-268149:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-1800" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "BID", "id": "52923" }, { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-55081" }, { "db": "PACKETSTORM", "id": "111646" } ], "trust": 4.59 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1800", "trust": 2.7 }, { "db": "ICS CERT", "id": "ICSA-12-102-05", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-268149", "trust": 2.1 }, { "db": "SECUNIA", "id": "48680", "trust": 2.0 }, { "db": "OSVDB", "id": "81034", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2012-9499", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201204-415", "trust": 0.9 }, { "db": "BID", "id": "52923", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-1796", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2012-1797", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-002097", "trust": 0.8 }, { "db": "IVD", "id": "F0A992B0-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7849EE-463F-11E9-A2E5-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "3715CBC8-1F6D-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "AAF0F00A-1F6C-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "BEE18EBC-1F6C-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-55081", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111646", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55081" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "PACKETSTORM", "id": "111646" }, { "db": "CNNVD", "id": "CNNVD-201204-415" }, { "db": "NVD", "id": "CVE-2012-1800" } ] }, "id": "VAR-201204-0125", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55081" } ], "trust": 3.687854971428571 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 2.8 } ], "sources": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" } ] }, "last_update_date": "2024-11-23T22:18:55.368000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Firmware update V2.3.0.3 for SCALANCE S", "trust": 0.8, "url": "http://support.automation.siemens.com/WW/view/en/59869684" }, { "title": "SSA-268149", "trust": 0.8, "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf" }, { "title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc", "trust": 0.8, "url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx" }, { "title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.siemens.com/entry/jp/ja/" }, { "title": "Siemens Scalance Firewall patch for brute force vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/15452" }, { "title": "Siemens Scalance Firewall denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/15471" }, { "title": "Siemens Scalance Firewall patch for two security vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/33804" }, { "title": "S6xxV2303", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42986" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "CNNVD", "id": "CNNVD-201204-415" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-55081" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "NVD", "id": "CVE-2012-1800" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-102-05.pdf" }, { "trust": 2.1, "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf" }, { "trust": 1.9, "url": "http://secunia.com/advisories/48680/" }, { "trust": 1.7, "url": "http://support.automation.siemens.com/ww/view/en/59869684" }, { "trust": 1.1, "url": "http://osvdb.org/81034" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1800" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1800" }, { "trust": 0.6, "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-2" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48680/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48680" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55081" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "PACKETSTORM", "id": "111646" }, { "db": "CNNVD", "id": "CNNVD-201204-415" }, { "db": "NVD", "id": "CVE-2012-1800" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55081" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "db": "PACKETSTORM", "id": "111646" }, { "db": "CNNVD", "id": "CNNVD-201204-415" }, { "db": "NVD", "id": "CVE-2012-1800" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-04-19T00:00:00", "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "date": "2014-02-17T00:00:00", "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "date": "2014-02-17T00:00:00", "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "date": "2012-04-10T00:00:00", "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "date": "2012-04-10T00:00:00", "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1796" }, { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1797" }, { "date": "2012-04-06T00:00:00", "db": "CNVD", "id": "CNVD-2012-9499" }, { "date": "2012-04-18T00:00:00", "db": "VULHUB", "id": "VHN-55081" }, { "date": "2012-04-05T00:00:00", "db": "BID", "id": "52923" }, { "date": "2012-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "date": "2012-04-06T04:58:59", "db": "PACKETSTORM", "id": "111646" }, { "date": "2012-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-415" }, { "date": "2012-04-18T10:33:34.933000", "db": "NVD", "id": "CVE-2012-1800" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1796" }, { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1797" }, { "date": "2014-02-17T00:00:00", "db": "CNVD", "id": "CNVD-2012-9499" }, { "date": "2012-11-20T00:00:00", "db": "VULHUB", "id": "VHN-55081" }, { "date": "2012-04-05T00:00:00", "db": "BID", "id": "52923" }, { "date": "2012-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002097" }, { "date": "2012-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-415" }, { "date": "2024-11-21T01:37:48.413000", "db": "NVD", "id": "CVE-2012-1800" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "specific network environment", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-415" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Scalance S Security Module firewall Buffer Overflow Vulnerability", "sources": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "CNNVD", "id": "CNNVD-201204-415" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow", "sources": [ { "db": "IVD", "id": "f0a992b0-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "CNNVD", "id": "CNNVD-201204-415" } ], "trust": 1.0 } }
var-201204-0124
Vulnerability from variot
The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The WEB configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay on the failed login, allowing the attacker to detect a large number of passwords in a short period of time and perform brute force attacks. The following devices are affected by this vulnerability: * Scalance S602 V2 Scalance S612 V2 Scalance S613 V2. The Profinet DCP protocol handles errors that can make the firewall unresponsive or interrupt an established VPN tunnel through a specially crafted DCP frame. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness. Attackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. Profinet DCP There was an error in the protocol processing. The vulnerability is due to the unlimited number of verification times. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Siemens Scalance Firewall Two Vulnerabilities
SECUNIA ADVISORY ID: SA48680
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48680/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48680
RELEASE DATE: 2012-04-06
DISCUSS ADVISORY: http://secunia.com/advisories/48680/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48680/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48680
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability and a weakness have been reported in Siemens Scalance Firewall, which can be exploited by malicious people to conduct brute-force attacks or cause a DoS (Denial of Service).
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: The vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State University.
ORIGINAL ADVISORY: Siemens SSA-268149: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0124", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance s602", "scope": "eq", "trust": 2.0, "vendor": "siemens", "version": "v2" }, { "model": "scalance s612", "scope": "eq", "trust": 2.0, "vendor": "siemens", "version": "v2" }, { "model": "scalance s613", "scope": "eq", "trust": 2.0, "vendor": "siemens", "version": "v2" }, { "model": "scalance s", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "2.2.0" }, { "model": "scalance s", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "2.1.0" }, { "model": "scalance firewall s613", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "v2" }, { "model": "scalance firewall s612", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "v2" }, { "model": "scalance firewall s602", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "v2" }, { "model": "scalance s security modules", "scope": null, "trust": 1.2, "vendor": "siemens", "version": null }, { "model": "scalance s", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.3.0" }, { "model": "scalance s", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "2.3.0" }, { "model": "scalance s", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "2.3.0.3" }, { "model": "scalance s security modules null", "scope": "eq", "trust": 0.4, "vendor": "siemens", "version": "*" }, { "model": "scalance s602", "scope": "eq", "trust": 0.2, "vendor": "siemens", "version": "v2\u003c2.3.0.3" }, { "model": "scalance s612", "scope": "eq", "trust": 0.2, "vendor": "siemens", "version": "v2\u003c2.3.0.3" }, { "model": "scalance s613", "scope": "eq", "trust": 0.2, "vendor": "siemens", "version": "v2\u003c2.3.0.3" } ], "sources": [ { "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "CNNVD", "id": "CNNVD-201204-414" }, { "db": "NVD", "id": "CVE-2012-1799" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:siemens:scalance_s_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:scalance_s602", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:scalance_s612", "vulnerable": true }, { "cpe22Uri": "cpe:/h:siemens:scalance_s613", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002096" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adam Hahn and Manimaran Govindarasu of Iowa State University", "sources": [ { "db": "BID", "id": "52923" } ], "trust": 0.3 }, "cve": "CVE-2012-1799", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2012-1799", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2012-9499", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "f0b75d64-2353-11e6-abef-000c29c66e3d", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": null, "accessVector": null, "authentication": null, "author": "IVD", "availabilityImpact": null, "baseScore": null, "confidentialityImpact": null, "exploitabilityScore": null, "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d", "impactScore": null, "integrityImpact": null, "severity": null, "trust": 0.2, "vectorString": null, "version": "unknown" }, { "accessComplexity": null, "accessVector": null, "authentication": null, "author": "IVD", "availabilityImpact": null, "baseScore": null, "confidentialityImpact": null, "exploitabilityScore": null, "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d", "impactScore": null, "integrityImpact": null, "severity": null, "trust": 0.2, "vectorString": null, "version": "unknown" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "VHN-55080", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2012-1799", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2012-1799", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2012-9499", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201204-414", "trust": 0.6, "value": "CRITICAL" }, { "author": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "CRITICAL" }, { "author": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-55080", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55080" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "CNNVD", "id": "CNNVD-201204-414" }, { "db": "NVD", "id": "CVE-2012-1799" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. The Siemens SCALANCE S-series security modules can be used to protect all Ethernet devices from unauthorized access. The WEB configuration interface provided by the Siemens SCALANCE firewall does not impose a mandatory time delay on the failed login, allowing the attacker to detect a large number of passwords in a short period of time and perform brute force attacks. The following devices are affected by this vulnerability: * Scalance S602 V2* Scalance S612 V2* Scalance S613 V2. The Profinet DCP protocol handles errors that can make the firewall unresponsive or interrupt an established VPN tunnel through a specially crafted DCP frame. Siemens Scalance Firewall filters inbound and outbound network connections in a variety of ways to secure a trusted industrial network. Siemens Scalance Firewall has multiple vulnerabilities in its implementation that can be exploited by malicious users to perform brute force attacks or cause denial of service. Siemens Scalance Firewall is prone to a denial-of-service vulnerability and a security-bypass weakness. \nAttackers can exploit these issues to cause denial-of-service conditions or conduct brute-force attacks. Profinet DCP There was an error in the protocol processing. The vulnerability is due to the unlimited number of verification times. ----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens Scalance Firewall Two Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA48680\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48680/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48680\n\nRELEASE DATE:\n2012-04-06\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48680/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48680/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48680\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability and a weakness have been reported in Siemens Scalance\nFirewall, which can be exploited by malicious people to conduct\nbrute-force attacks or cause a DoS (Denial of Service). \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits Adam Hahn and Manimaran Govindarasu, Iowa State\nUniversity. \n\nORIGINAL ADVISORY:\nSiemens SSA-268149:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2012-1799" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "BID", "id": "52923" }, { "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-55080" }, { "db": "PACKETSTORM", "id": "111646" } ], "trust": 4.59 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-1799", "trust": 2.7 }, { "db": "ICS CERT", "id": "ICSA-12-102-05", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-268149", "trust": 2.1 }, { "db": "SECUNIA", "id": "48680", "trust": 2.0 }, { "db": "OSVDB", "id": "81033", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2012-9499", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201204-414", "trust": 0.9 }, { "db": "BID", "id": "52923", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2012-1796", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2012-1797", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2012-002096", "trust": 0.8 }, { "db": "IVD", "id": "F0B75D64-2353-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "7D7849EE-463F-11E9-A2E5-000C29342CB1", "trust": 0.2 }, { "db": "IVD", "id": "3715CBC8-1F6D-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "AAF0F00A-1F6C-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "BEE18EBC-1F6C-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-55080", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111646", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55080" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "PACKETSTORM", "id": "111646" }, { "db": "CNNVD", "id": "CNNVD-201204-414" }, { "db": "NVD", "id": "CVE-2012-1799" } ] }, "id": "VAR-201204-0124", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55080" } ], "trust": 3.687854971428571 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 2.8 } ], "sources": [ { "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" } ] }, "last_update_date": "2024-11-23T22:18:55.296000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Firmware update V2.3.0.3 for SCALANCE S", "trust": 0.8, "url": "http://support.automation.siemens.com/WW/view/en/59869684" }, { "title": "SSA-268149", "trust": 0.8, "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf" }, { "title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30bd\u30ea\u30e5\u30fc\u30b7\u30e7\u30f3\u30d1\u30fc\u30c8\u30ca\u30fc", "trust": 0.8, "url": "http://www.automation.siemens.com/automation/jp/ja/solutionpartner/pages/default.aspx" }, { "title": "\u30b7\u30fc\u30e1\u30f3\u30b9\u30fb\u30b8\u30e3\u30d1\u30f3\u682a\u5f0f\u4f1a\u793e", "trust": 0.8, "url": "http://www.siemens.com/entry/jp/ja/" }, { "title": "Siemens Scalance Firewall patch for brute force vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/15452" }, { "title": "Siemens Scalance Firewall denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/15471" }, { "title": "Siemens Scalance Firewall patch for two security vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/33804" }, { "title": "S6xxV2303", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42986" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "CNNVD", "id": "CNNVD-201204-414" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-287", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-55080" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "NVD", "id": "CVE-2012-1799" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.us-cert.gov/control_systems/pdf/icsa-12-102-05.pdf" }, { "trust": 2.1, "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-268149.pdf" }, { "trust": 1.9, "url": "http://secunia.com/advisories/48680/" }, { "trust": 1.7, "url": "http://support.automation.siemens.com/ww/view/en/59869684" }, { "trust": 1.1, "url": "http://osvdb.org/81033" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1799" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1799" }, { "trust": 0.6, "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-2" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.1, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48680/#comments" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48680" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55080" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "PACKETSTORM", "id": "111646" }, { "db": "CNNVD", "id": "CNNVD-201204-414" }, { "db": "NVD", "id": "CVE-2012-1799" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" }, { "db": "CNVD", "id": "CNVD-2012-1797" }, { "db": "CNVD", "id": "CNVD-2012-9499" }, { "db": "VULHUB", "id": "VHN-55080" }, { "db": "BID", "id": "52923" }, { "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "db": "PACKETSTORM", "id": "111646" }, { "db": "CNNVD", "id": "CNNVD-201204-414" }, { "db": "NVD", "id": "CVE-2012-1799" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-04-19T00:00:00", "db": "IVD", "id": "f0b75d64-2353-11e6-abef-000c29c66e3d" }, { "date": "2014-02-17T00:00:00", "db": "IVD", "id": "7d7849ee-463f-11e9-a2e5-000c29342cb1" }, { "date": "2014-02-17T00:00:00", "db": "IVD", "id": "3715cbc8-1f6d-11e6-abef-000c29c66e3d" }, { "date": "2012-04-10T00:00:00", "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "date": "2012-04-10T00:00:00", "db": "IVD", "id": "bee18ebc-1f6c-11e6-abef-000c29c66e3d" }, { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1796" }, { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1797" }, { "date": "2012-04-06T00:00:00", "db": "CNVD", "id": "CNVD-2012-9499" }, { "date": "2012-04-18T00:00:00", "db": "VULHUB", "id": "VHN-55080" }, { "date": "2012-04-05T00:00:00", "db": "BID", "id": "52923" }, { "date": "2012-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "date": "2012-04-06T04:58:59", "db": "PACKETSTORM", "id": "111646" }, { "date": "2012-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-414" }, { "date": "2012-04-18T10:33:34.887000", "db": "NVD", "id": "CVE-2012-1799" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1796" }, { "date": "2012-04-10T00:00:00", "db": "CNVD", "id": "CNVD-2012-1797" }, { "date": "2014-02-17T00:00:00", "db": "CNVD", "id": "CNVD-2012-9499" }, { "date": "2012-12-06T00:00:00", "db": "VULHUB", "id": "VHN-55080" }, { "date": "2012-04-05T00:00:00", "db": "BID", "id": "52923" }, { "date": "2012-04-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002096" }, { "date": "2012-04-19T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-414" }, { "date": "2024-11-21T01:37:48.300000", "db": "NVD", "id": "CVE-2012-1799" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-414" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Scalance Firewall Brute Force Vulnerability", "sources": [ { "db": "IVD", "id": "aaf0f00a-1f6c-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2012-1796" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "authorization issue", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-414" } ], "trust": 0.6 } }
var-202002-0452
Vulnerability from variot
A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device. plural SCALANCE The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks.
A denial of service vulnerability exists in the SIEMENS SCALAN CES-600 family
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0452", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance s623", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s612", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s602", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s623", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s612", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s602", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance s602", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s612", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s623", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s627-2m", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "3.0" }, { "model": "scalance s602", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s612", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s623", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "v3.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s602", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s612", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s623", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s627 2m", "version": "*" } ], "sources": [ { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "db": "CNVD", "id": "CNVD-2020-04718" }, { "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "db": "NVD", "id": "CVE-2019-13926" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:scalance_s602_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s612_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s623_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s627-2m_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014546" } ] }, "cve": "CVE-2019-13926", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-13926", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014546", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-04718", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "e116119c-a047-4201-a0b6-776fe88efba3", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-13926", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014546", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13926", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2019-014546", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-04718", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202002-452", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3", "trust": 0.2, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "db": "CNVD", "id": "CNVD-2020-04718" }, { "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "db": "CNNVD", "id": "CNNVD-202002-452" }, { "db": "NVD", "id": "CVE-2019-13926" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE S602 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S612 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S623 (All versions \u003e= V3.0 and \u003c V4.1), SCALANCE S627-2M (All versions \u003e= V3.0 and \u003c V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device. plural SCALANCE The product contains a resource exhaustion vulnerability.Service operation interruption (DoS) It may be put into a state. SCALANCE S firewall is used to protect trusted industrial networks from untrusted networks. \n\r\n\r\nA denial of service vulnerability exists in the SIEMENS SCALAN CES-600 family", "sources": [ { "db": "NVD", "id": "CVE-2019-13926" }, { "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "db": "CNVD", "id": "CNVD-2020-04718" }, { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13926", "trust": 3.2 }, { "db": "ICS CERT", "id": "ICSA-20-042-10", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-591405", "trust": 2.2 }, { "db": "CNVD", "id": "CNVD-2020-04718", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202002-452", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-014546", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2020.0486", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.3", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.2", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-09", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-05", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-04", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-08", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-01", "trust": 0.6 }, { "db": "IVD", "id": "E116119C-A047-4201-A0B6-776FE88EFBA3", "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "db": "CNVD", "id": "CNVD-2020-04718" }, { "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "db": "CNNVD", "id": "CNNVD-202002-452" }, { "db": "NVD", "id": "CVE-2019-13926" } ] }, "id": "VAR-202002-0452", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "db": "CNVD", "id": "CNVD-2020-04718" } ], "trust": 1.4666667 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "db": "CNVD", "id": "CNVD-2020-04718" } ] }, "last_update_date": "2024-11-23T19:38:38.766000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-591405", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "title": "Patch for SIEMENS SCALAN CES-600 family Denial of Service Vulnerability (CNVD-2020-04718)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/200137" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04718" }, { "db": "JVNDB", "id": "JVNDB-2019-014546" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "db": "NVD", "id": "CVE-2019-13926" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" }, { "trust": 2.2, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13926" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13926" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-10" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-04718" }, { "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "db": "CNNVD", "id": "CNNVD-202002-452" }, { "db": "NVD", "id": "CVE-2019-13926" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "db": "CNVD", "id": "CNVD-2020-04718" }, { "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "db": "CNNVD", "id": "CNNVD-202002-452" }, { "db": "NVD", "id": "CVE-2019-13926" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-11T00:00:00", "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "date": "2020-02-12T00:00:00", "db": "CNVD", "id": "CNVD-2020-04718" }, { "date": "2020-02-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "date": "2020-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-452" }, { "date": "2020-02-11T16:15:14.680000", "db": "NVD", "id": "CVE-2019-13926" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-17T00:00:00", "db": "CNVD", "id": "CNVD-2020-04718" }, { "date": "2020-02-27T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014546" }, { "date": "2022-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-452" }, { "date": "2024-11-21T04:25:42.803000", "db": "NVD", "id": "CVE-2019-13926" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-452" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SCALANCE Product exhaustion vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014546" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "e116119c-a047-4201-a0b6-776fe88efba3" }, { "db": "CNNVD", "id": "CNNVD-202002-452" } ], "trust": 0.8 } }
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:
Openshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.5/html/serverless_applications/index
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- ========================================================================== Ubuntu Security Notice USN-4891-1 March 25, 2021
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
OpenSSL could be made to crash or run programs if it received specially crafted network traffic. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.3
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.3
Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.9
After a standard system update you need to reboot your computer to make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1200-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1200 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
-
openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
-
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO 24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal CYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe VG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK 8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp uYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE Z7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB hz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb a+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT Wg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K x0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy CkeZnyNSON8=u60F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.3.1.2" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic cloud connect 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "cloud volumes ontap mediator", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic net cp 1543sp-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic pdm", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "9.1.0.7" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.1" }, { "model": "essbase", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.2" }, { "model": "sma100", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xp-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic process historian opc ua server", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2019" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "scalance xr524-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tenable.sc", "scope": "gte", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "simatic rf188ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic net cp 1243-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "simatic rf185c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "mysql connectors", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.24.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.33" }, { "model": "scalance xr-300wg", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "sma100", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.1.0-17sv" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics connect 300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "12.12.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "scalance xm-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte eu", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "communications communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0.0.0" }, { "model": "simatic rf360r", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic hmi comfort outdoor panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "simatic mv500", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec pni", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance xf-200ba", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.0" }, { "model": "simatic rf188c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8" }, { "model": "simatic s7-1200 cpu 1211c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.13.1" }, { "model": "enterprise manager for storage management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "simatic hmi basic panels 2nd generation", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "scalance w700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.5" }, { "model": "e-series performance analyzer", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xr552-12", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte us", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.3.5" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "14.14.0" }, { "model": "tenable.sc", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "5.17.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.1k" }, { "model": "simatic rf166c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "scalance xc-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance xr526-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "15.14.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "tim 1531 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "sinec infrastructure network services", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0.2" }, { "model": "secure backup", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.0.1.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "scalance sc-600", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic pcs 7 telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.22.1" }, { "model": "simatic rf186ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "simatic net cp 1542sp-1 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "capture client", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "3.5" }, { "model": "simatic logon", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.6.0.2" }, { "model": "simatic wincc telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sonicos", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "7.0.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s623", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance lpe9403", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "log correlation engine", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "6.0.9" }, { "model": "scalance m-800", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "simatic rf186c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "14.16.1" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinema server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "scalance s612", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "scalance xr528-6m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tia administrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec nms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic logon", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "12.2" }, { "model": "sinumerik opc ua server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xb-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance s602", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "ruggedcom rcm1224", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.13.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "simatic net cp 1545-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic cloud connect 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "15.0.0" }, { "model": "simatic net cp 1243-8 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "scalance w1700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.15.0" }, { "model": "simatic net cp 1543-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "hitachi ops center analyzer viewpoint", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "storagegrid", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "quantum security gateway", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "tenable.sc", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "nessus", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "oncommand workflow automation", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "freebsd", "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": "hitachi ops center common services", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "santricity smi-s provider", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "mcafee web gateway \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "e-series performance analyzer", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "jp1/file transmission server/ftp", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "quantum security management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "openssl", "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "cloud volumes ontap \u30e1\u30c7\u30a3\u30a8\u30fc\u30bf", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "jp1/base", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "web gateway cloud service", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "multi-domain management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 0.8 }, "cve": "CVE-2021-3449", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-3449", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-388130", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2021-3449", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-3449", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-3449", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-3449", "trust": 0.8, "value": "Medium" }, { "author": "VULHUB", "id": "VHN-388130", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:\n\nOpenshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless\nOperator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.5/html/serverless_applications/index\n\n4. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. ==========================================================================\nUbuntu Security Notice USN-4891-1\nMarch 25, 2021\n\nopenssl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash or run programs if it received specially\ncrafted network traffic. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service, or possibly execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n libssl1.1 1.1.1-1ubuntu2.1~18.04.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1200-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1200\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer deref in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO\n24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal\nCYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe\nVG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK\n8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp\nuYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE\nZ7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB\nhz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb\na+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT\nWg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K\nx0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy\nCkeZnyNSON8=u60F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied", "sources": [ { "db": "NVD", "id": "CVE-2021-3449" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "VULHUB", "id": "VHN-388130" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3449", "trust": 2.8 }, { "db": "TENABLE", "id": "TNS-2021-06", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-09", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-05", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-10", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/3", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/2", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/4", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/1", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-772220", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA44845", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10356", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU92126369", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001383", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162197", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162076", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162013", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162383", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162189", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161984", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162200", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162114", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162183", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162699", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162337", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162196", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162172", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162307", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-99170", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-388130", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162694", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "id": "VAR-202103-1464", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388130" } ], "trust": 0.6742040990624999 }, "last_update_date": "2024-11-29T22:12:22.747000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-119 Software product security information", "trust": 0.8, "url": "https://www.debian.org/security/2021/dsa-4875" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 1.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845" }, { "trust": 1.1, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" }, { "trust": 1.1, "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-05" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-06" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-09" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-10" }, { "trust": 1.1, "url": "https://www.debian.org/security/2021/dsa-4875" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202103-03" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc" }, { "trust": 1.1, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92126369/" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3115" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2130" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28374" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27152" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26708" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1063" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-4891-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1024" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1203" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1200" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1195" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-25T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-05-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2021-05-19T14:19:18", "db": "PACKETSTORM", "id": "162694" }, { "date": "2021-06-23T15:44:15", "db": "PACKETSTORM", "id": "163257" }, { "date": "2021-04-29T14:37:49", "db": "PACKETSTORM", "id": "162383" }, { "date": "2021-04-05T15:16:03", "db": "PACKETSTORM", "id": "162076" }, { "date": "2021-03-26T14:15:18", "db": "PACKETSTORM", "id": "161984" }, { "date": "2021-03-30T14:07:13", "db": "PACKETSTORM", "id": "162013" }, { "date": "2021-04-15T13:50:30", "db": "PACKETSTORM", "id": "162200" }, { "date": "2021-04-15T13:50:04", "db": "PACKETSTORM", "id": "162197" }, { "date": "2021-04-14T16:50:04", "db": "PACKETSTORM", "id": "162189" }, { "date": "2021-03-25T15:15:13.450000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-09-13T07:43:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2024-11-21T06:21:33.050000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "161984" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162383" } ], "trust": 0.2 } }