All the vulnerabilites related to Siemens - SINUMERIK OPC UA Server
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:
Openshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.5/html/serverless_applications/index
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- ========================================================================== Ubuntu Security Notice USN-4891-1 March 25, 2021
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
OpenSSL could be made to crash or run programs if it received specially crafted network traffic. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.3
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.3
Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.9
After a standard system update you need to reboot your computer to make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1200-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1200 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
-
openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
-
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO 24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal CYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe VG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK 8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp uYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE Z7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB hz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb a+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT Wg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K x0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy CkeZnyNSON8=u60F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.3.1.2" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic cloud connect 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "cloud volumes ontap mediator", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic net cp 1543sp-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic pdm", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "9.1.0.7" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.1" }, { "model": "essbase", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.2" }, { "model": "sma100", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xp-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic process historian opc ua server", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2019" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "scalance xr524-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tenable.sc", "scope": "gte", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "simatic rf188ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic net cp 1243-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "simatic rf185c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "mysql connectors", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.24.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.33" }, { "model": "scalance xr-300wg", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "sma100", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.1.0-17sv" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics connect 300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "12.12.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "scalance xm-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte eu", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "communications communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0.0.0" }, { "model": "simatic rf360r", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic hmi comfort outdoor panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "simatic mv500", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec pni", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance xf-200ba", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.0" }, { "model": "simatic rf188c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8" }, { "model": "simatic s7-1200 cpu 1211c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.13.1" }, { "model": "enterprise manager for storage management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "simatic hmi basic panels 2nd generation", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "scalance w700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.5" }, { "model": "e-series performance analyzer", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xr552-12", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte us", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.3.5" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "14.14.0" }, { "model": "tenable.sc", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "5.17.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.1k" }, { "model": "simatic rf166c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "scalance xc-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance xr526-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "15.14.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "tim 1531 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "sinec infrastructure network services", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0.2" }, { "model": "secure backup", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.0.1.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "scalance sc-600", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic pcs 7 telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.22.1" }, { "model": "simatic rf186ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "simatic net cp 1542sp-1 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "capture client", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "3.5" }, { "model": "simatic logon", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.6.0.2" }, { "model": "simatic wincc telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sonicos", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "7.0.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s623", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance lpe9403", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "log correlation engine", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "6.0.9" }, { "model": "scalance m-800", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "simatic rf186c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "14.16.1" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinema server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "scalance s612", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "scalance xr528-6m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tia administrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec nms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic logon", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "12.2" }, { "model": "sinumerik opc ua server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xb-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance s602", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "ruggedcom rcm1224", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.13.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "simatic net cp 1545-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic cloud connect 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "15.0.0" }, { "model": "simatic net cp 1243-8 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "scalance w1700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.15.0" }, { "model": "simatic net cp 1543-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "hitachi ops center analyzer viewpoint", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "storagegrid", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "quantum security gateway", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "tenable.sc", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "nessus", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "oncommand workflow automation", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "freebsd", "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": "hitachi ops center common services", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "santricity smi-s provider", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "mcafee web gateway \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "e-series performance analyzer", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "jp1/file transmission server/ftp", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "quantum security management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "openssl", "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "cloud volumes ontap \u30e1\u30c7\u30a3\u30a8\u30fc\u30bf", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "jp1/base", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "web gateway cloud service", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "multi-domain management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 0.8 }, "cve": "CVE-2021-3449", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-3449", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-388130", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2021-3449", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-3449", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-3449", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-3449", "trust": 0.8, "value": "Medium" }, { "author": "VULHUB", "id": "VHN-388130", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:\n\nOpenshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless\nOperator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.5/html/serverless_applications/index\n\n4. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. ==========================================================================\nUbuntu Security Notice USN-4891-1\nMarch 25, 2021\n\nopenssl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash or run programs if it received specially\ncrafted network traffic. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service, or possibly execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n libssl1.1 1.1.1-1ubuntu2.1~18.04.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1200-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1200\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer deref in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO\n24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal\nCYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe\nVG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK\n8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp\nuYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE\nZ7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB\nhz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb\na+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT\nWg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K\nx0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy\nCkeZnyNSON8=u60F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied", "sources": [ { "db": "NVD", "id": "CVE-2021-3449" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "VULHUB", "id": "VHN-388130" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3449", "trust": 2.8 }, { "db": "TENABLE", "id": "TNS-2021-06", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-09", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-05", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-10", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/3", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/2", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/4", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/1", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-772220", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA44845", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10356", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU92126369", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001383", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162197", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162076", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162013", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162383", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162189", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161984", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162200", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162114", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162183", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162699", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162337", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162196", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162172", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162307", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-99170", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-388130", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162694", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "id": "VAR-202103-1464", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388130" } ], "trust": 0.6742040990624999 }, "last_update_date": "2024-11-29T22:12:22.747000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-119 Software product security information", "trust": 0.8, "url": "https://www.debian.org/security/2021/dsa-4875" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 1.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845" }, { "trust": 1.1, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" }, { "trust": 1.1, "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-05" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-06" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-09" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-10" }, { "trust": 1.1, "url": "https://www.debian.org/security/2021/dsa-4875" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202103-03" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc" }, { "trust": 1.1, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92126369/" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3115" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2130" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28374" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27152" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26708" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1063" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-4891-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1024" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1203" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1200" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1195" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-25T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-05-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2021-05-19T14:19:18", "db": "PACKETSTORM", "id": "162694" }, { "date": "2021-06-23T15:44:15", "db": "PACKETSTORM", "id": "163257" }, { "date": "2021-04-29T14:37:49", "db": "PACKETSTORM", "id": "162383" }, { "date": "2021-04-05T15:16:03", "db": "PACKETSTORM", "id": "162076" }, { "date": "2021-03-26T14:15:18", "db": "PACKETSTORM", "id": "161984" }, { "date": "2021-03-30T14:07:13", "db": "PACKETSTORM", "id": "162013" }, { "date": "2021-04-15T13:50:30", "db": "PACKETSTORM", "id": "162200" }, { "date": "2021-04-15T13:50:04", "db": "PACKETSTORM", "id": "162197" }, { "date": "2021-04-14T16:50:04", "db": "PACKETSTORM", "id": "162189" }, { "date": "2021-03-25T15:15:13.450000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-09-13T07:43:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2024-11-21T06:21:33.050000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "161984" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162383" } ], "trust": 0.2 } }
var-201904-0176
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens has a denial of service vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. The vulnerability stems from the failure of the network system or product to properly validate the input data
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0176", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic wincc runtime advanced", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic net pc software", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf188c", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf600r", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort outdoor panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic s7-1500t", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.5" }, { "model": "simatic hmi ktp mobile panels ktp700f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp900f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi comfort outdoor panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp900", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp900f", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic et 200 open controller cpu 1515sp pc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic rf188c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic wincc oa", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.15-p018" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic wincc runtime mobile", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1500s", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.5" }, { "model": "simatic hmi ktp mobile panels ktp700", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp900", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "sinec-nms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic hmi ktp mobile panels ktp700", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp400f", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic cp443-1 opc ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf600r", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1500", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.5" }, { "model": "sinec-nms", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic s7-1500f", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.5" }, { "model": "sinema server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic net pc software", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik opc ua server", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic hmi ktp mobile panels ktp400f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic wincc runtime comfort", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "opc unified architecture", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1500 software controller", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.5" }, { "model": "simatic hmi ktp mobile panels ktp700f", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "telecontrol server basic", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.1" }, { "model": "simatic wincc runtime hsp comfort", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 opc-ua", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200 open controller cpu 1515sp pc2", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic wincc oa", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu family", "scope": "lte", "trust": 0.6, "vendor": "siemens", "version": "\u003c=v2.5" }, { "model": "simatic s7-1500 software controller", "scope": "lte", "trust": 0.6, "vendor": "siemens", "version": "\u003c=v2.5" }, { "model": "simatic wincc oa \u003cv3.15-p018", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinema server", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinumerik opc ua server", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.1" }, { "model": "telecontrol server basics", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc runtime comfort", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc runtime mobile", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinec-nms", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp443-1 opc ua", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et200 open controller cpu 1515sp pc2", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc runtime hsp comfort", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "telecontrol server basic", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.1" }, { "model": "telecontrol server basic sp2", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "telecontrol server basic", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "sinumerik opc ua server", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinema server", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinec-nms", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic wincc runtime mobile", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic wincc runtime hsp comfort", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic wincc runtime comfort", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.15" }, { "model": "simatic wincc oa 3.14-p021", "scope": null, "trust": 0.3, "vendor": "siemens", "version": null }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.14" }, { "model": "simatic wincc oa p002", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.7" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.5" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.8.5" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.8.3" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.7" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.5" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2.0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.6" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.5.0" }, { "model": "simatic rf600r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf188c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic net pc software", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic et200 open controller cpu 1515sp pc2", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp opc ua", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "sinumerik opc ua server", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.1" }, { "model": "simatic wincc oa 3.15-p018", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp443 1 opc ua", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500s", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500t", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200 open controller cpu 1515sp pc2", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic ipc diagmonitor", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic net pc", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf188c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf600r", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic wincc oa", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic wincc runtime advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic wincc runtime comfort", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic wincc runtime hsp comfort", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic wincc runtime mobile", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinec nms", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinema server", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinumerik opc ua server", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "telecontrol server basic", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500f", "version": "*" } ], "sources": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "BID", "id": "107833" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "NVD", "id": "CVE-2019-6575" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_std_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_et_200_open_controller_cpu_1515sp_pc2_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_ipc_diagmonitor_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:simatic_net_pc-software", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_rf188c_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_rf600r_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_software_controller_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_s7-1500_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:simatic_wincc_open_architecture", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:wincc_runtime_advanced", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003488" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens,Siemens ProductCERT reported this vulnerability to NCCIC.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-462" } ], "trust": 0.6 }, "cve": "CVE-2019-6575", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-6575", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-12905", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-158010", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-6575", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-6575", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6575", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-6575", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-12905", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201904-462", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-158010", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-6575", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "VULHUB", "id": "VHN-158010" }, { "db": "VULMON", "id": "CVE-2019-6575" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "CNNVD", "id": "CNNVD-201904-462" }, { "db": "NVD", "id": "CVE-2019-6575" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. plural Siemens The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens has a denial of service vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. SIMATIC S7-1500 is a programmable logic controller. SIMATIC WinCC is an automated data acquisition and monitoring (SCADA) system. The vulnerability stems from the failure of the network system or product to properly validate the input data", "sources": [ { "db": "NVD", "id": "CVE-2019-6575" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "BID", "id": "107833" }, { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "VULHUB", "id": "VHN-158010" }, { "db": "VULMON", "id": "CVE-2019-6575" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6575", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-19-099-03", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-307392", "trust": 1.8 }, { "db": "BID", "id": "107833", "trust": 1.1 }, { "db": "CNNVD", "id": "CNNVD-201904-462", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-12905", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003488", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.1205", "trust": 0.6 }, { "db": "IVD", "id": "B72B932A-FFE5-40C4-80A7-5E3F71B449FC", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-158010", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2019-6575", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "VULHUB", "id": "VHN-158010" }, { "db": "VULMON", "id": "CVE-2019-6575" }, { "db": "BID", "id": "107833" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "CNNVD", "id": "CNNVD-201904-462" }, { "db": "NVD", "id": "CVE-2019-6575" } ] }, "id": "VAR-201904-0176", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "VULHUB", "id": "VHN-158010" } ], "trust": 1.5723463029411764 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNVD", "id": "CNVD-2019-12905" } ] }, "last_update_date": "2024-11-23T22:45:04.929000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-307392", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" }, { "title": "SiemensIndustrialProductswithOPCUA denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/160239" }, { "title": "Siemens OPC UA Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91290" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=f300e0ed579e6a7eeebba4d6b8703ede" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "VULMON", "id": "CVE-2019-6575" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "CNNVD", "id": "CNNVD-201904-462" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-755", "trust": 1.1 }, { "problemtype": "CWE-248", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158010" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "NVD", "id": "CVE-2019-6575" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-03" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6575" }, { "trust": 0.9, "url": "http://www.siemens.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6575" }, { "trust": 0.7, "url": "https://www.securityfocus.com/bid/107833" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-opc-ua-4840-tcp-28974" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78742" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/755.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-19-099-03" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "VULHUB", "id": "VHN-158010" }, { "db": "VULMON", "id": "CVE-2019-6575" }, { "db": "BID", "id": "107833" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "CNNVD", "id": "CNNVD-201904-462" }, { "db": "NVD", "id": "CVE-2019-6575" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNVD", "id": "CNVD-2019-12905" }, { "db": "VULHUB", "id": "VHN-158010" }, { "db": "VULMON", "id": "CVE-2019-6575" }, { "db": "BID", "id": "107833" }, { "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "db": "CNNVD", "id": "CNNVD-201904-462" }, { "db": "NVD", "id": "CVE-2019-6575" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-05T00:00:00", "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "date": "2019-05-05T00:00:00", "db": "CNVD", "id": "CNVD-2019-12905" }, { "date": "2019-04-17T00:00:00", "db": "VULHUB", "id": "VHN-158010" }, { "date": "2019-04-17T00:00:00", "db": "VULMON", "id": "CVE-2019-6575" }, { "date": "2019-04-09T00:00:00", "db": "BID", "id": "107833" }, { "date": "2019-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "date": "2019-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-462" }, { "date": "2019-04-17T14:29:03.760000", "db": "NVD", "id": "CVE-2019-6575" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-07T00:00:00", "db": "CNVD", "id": "CNVD-2019-12905" }, { "date": "2020-10-16T00:00:00", "db": "VULHUB", "id": "VHN-158010" }, { "date": "2022-04-12T00:00:00", "db": "VULMON", "id": "CVE-2019-6575" }, { "date": "2019-04-09T00:00:00", "db": "BID", "id": "107833" }, { "date": "2019-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003488" }, { "date": "2022-08-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-462" }, { "date": "2024-11-21T04:46:43.960000", "db": "NVD", "id": "CVE-2019-6575" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-462" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens Industrial Products with OPC UA Denial of service vulnerability", "sources": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNVD", "id": "CNVD-2019-12905" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Input validation error", "sources": [ { "db": "IVD", "id": "b72b932a-ffe5-40c4-80a7-5e3f71b449fc" }, { "db": "CNNVD", "id": "CNNVD-201904-462" } ], "trust": 0.8 } }
cve-2019-6575
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:22.041Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC CP 443-1 OPC UA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.7" } ] }, { "product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd 4" } ] }, { "product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd 4" } ] }, { "product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd 4" } ] }, { "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1.3" } ] }, { "product": "SIMATIC NET PC Software V13", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC NET PC Software V14", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14 SP1 Update 14" } ] }, { "product": "SIMATIC NET PC Software V15", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "product": "SIMATIC RF600R family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.1" } ] }, { "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.5 \u003c V2.6.1" } ] }, { "product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions between V2.5 (including) and V2.7 (excluding)" } ] }, { "product": "SIMATIC WinCC OA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.15 P018" } ] }, { "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd 4" } ] }, { "product": "SINEC NMS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.0 SP1" } ] }, { "product": "SINEMA Server", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V14 SP2" } ] }, { "product": "SINUMERIK OPC UA Server", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1" } ] }, { "product": "TeleControl Server Basic", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.1.1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T11:16:36", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-6575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC CP 443-1 OPC UA", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V2.7" } ] } }, { "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Upd 4" } ] } }, { "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Upd 4" } ] } }, { "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Upd 4" } ] } }, { "product_name": "SIMATIC IPC DiagMonitor", "version": { "version_data": [ { "version_value": "All versions \u003c V5.1.3" } ] } }, { "product_name": "SIMATIC NET PC Software V13", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC NET PC Software V14", "version": { "version_data": [ { "version_value": "All versions \u003c V14 SP1 Update 14" } ] } }, { "product_name": "SIMATIC NET PC Software V15", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC RF188C", "version": { "version_data": [ { "version_value": "All versions \u003c V1.1.0" } ] } }, { "product_name": "SIMATIC RF600R family", "version": { "version_data": [ { "version_value": "All versions \u003c V3.2.1" } ] } }, { "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.5 \u003c V2.6.1" } ] } }, { "product_name": "SIMATIC S7-1500 Software Controller", "version": { "version_data": [ { "version_value": "All versions between V2.5 (including) and V2.7 (excluding)" } ] } }, { "product_name": "SIMATIC WinCC OA", "version": { "version_data": [ { "version_value": "All versions \u003c V3.15 P018" } ] } }, { "product_name": "SIMATIC WinCC Runtime Advanced", "version": { "version_data": [ { "version_value": "All versions \u003c V15.1 Upd 4" } ] } }, { "product_name": "SINEC NMS", "version": { "version_data": [ { "version_value": "All versions \u003c V1.0 SP1" } ] } }, { "product_name": "SINEMA Server", "version": { "version_data": [ { "version_value": "All versions \u003c V14 SP2" } ] } }, { "product_name": "SINUMERIK OPC UA Server", "version": { "version_data": [ { "version_value": "All versions \u003c V2.1" } ] } }, { "product_name": "TeleControl Server Basic", "version": { "version_data": [ { "version_value": "All versions \u003c V3.1.1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-248: Uncaught Exception" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-6575", "datePublished": "2019-04-17T13:40:24", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }