Vulnerabilites related to siemens - simatic_hmi_unified_comfort_panels_firmware
cve-2020-27827
Vulnerability from cvelistv5
Published
2021-03-18 00:00
Modified
2024-08-04 16:25
Severity ?
EPSS score ?
Summary
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | lldp/openvswitch |
Version: lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:25:43.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1921438", }, { tags: [ "x_transferred", ], url: "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html", }, { tags: [ "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", }, { tags: [ "x_transferred", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", }, { name: "FEDORA-2023-88991d2713", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/", }, { name: "FEDORA-2023-c0c184a019", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/", }, { name: "FEDORA-2023-3e4feeadec", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/", }, { name: "GLSA-202311-16", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202311-16", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "lldp/openvswitch", vendor: "n/a", versions: [ { status: "affected", version: "lldpd 1.0.8, openvswitch 2.14.1, openvswitch 2.13.2, openvswitch 2.12.2, openvswitch 2.11.5, openvswitch 2.10.6, openvswitch 2.9.8, openvswitch 2.8.10, openvswitch 2.7.12, openvswitch 2.6.9", }, ], }, ], descriptions: [ { lang: "en", value: "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-26T11:06:15.202997", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { url: "https://bugzilla.redhat.com/show_bug.cgi?id=1921438", }, { url: "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html", }, { url: "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", }, { url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", }, { name: "FEDORA-2023-88991d2713", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/", }, { name: "FEDORA-2023-c0c184a019", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/", }, { name: "FEDORA-2023-3e4feeadec", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/", }, { name: "GLSA-202311-16", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202311-16", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-27827", datePublished: "2021-03-18T00:00:00", dateReserved: "2020-10-27T00:00:00", dateUpdated: "2024-08-04T16:25:43.547Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2021-03-18 17:15
Modified
2024-11-21 05:21
Severity ?
Summary
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:lldpd_project:lldpd:*:*:*:*:*:*:*:*", matchCriteriaId: "60E35B97-6AAD-4F2D-88E7-D1B235D36E63", versionEndExcluding: "1.0.8", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "D7946D64-A914-4DC4-8AFA-E5A4C9415B87", versionEndExcluding: "2.6.9", versionStartIncluding: "2.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "FCBC3BDE-1CFE-4275-8F33-BC7D0ECD88BA", versionEndExcluding: "2.7.12", versionStartIncluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "F553884B-6DC9-4DBD-ADD6-B24B8A9FDFBA", versionEndExcluding: "2.8.10", versionStartIncluding: "2.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "4A42E11A-8575-40B1-8343-840783E17FD0", versionEndExcluding: "2.9.8", versionStartIncluding: "2.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "92DE8269-BD35-46B7-B4D0-5C0B5C3B2BE5", versionEndExcluding: "2.10.6", versionStartIncluding: "2.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "6AA97E08-3F7E-46CE-B03D-FD06307137A8", versionEndExcluding: "2.11.5", versionStartIncluding: "2.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "F74931FC-4B61-4EAD-90CD-D095A9BC76B6", versionEndExcluding: "2.12.2", versionStartIncluding: "2.12.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "6AACFC3E-4242-4E9E-9AC2-B2E1C700DF0C", versionEndExcluding: "2.13.2", versionStartIncluding: "2.13.0", vulnerable: true, }, { criteria: "cpe:2.3:a:openvswitch:openvswitch:*:*:*:*:*:*:*:*", matchCriteriaId: "E22360F8-FD09-4CED-8E62-46916AB17A12", versionEndExcluding: "2.14.1", versionStartIncluding: "2.14.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", matchCriteriaId: "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", matchCriteriaId: "704CFA1A-953E-4105-BFBE-406034B83DED", vulnerable: true, }, { criteria: "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", matchCriteriaId: "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_hmi_unified_comfort_panels_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CAB60054-8FD0-45A4-B7DC-FFF061764B80", versionEndExcluding: "17", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_hmi_unified_comfort_panels:-:*:*:*:*:*:*:*", matchCriteriaId: "2921C017-7617-4789-9690-C81EAC4F469D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "238D992C-6158-4E31-AE0A-7A9C54B51963", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*", matchCriteriaId: "65278BA0-3C81-4D81-9801-D7BE3A1D7680", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "2009C1FA-96D5-413C-9161-0DB55F841088", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*", matchCriteriaId: "350FD323-C876-4C7A-A2E7-4B0660C87F6C", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "F56E0C04-AEC3-45C8-93E7-FCA3B7F370F6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1:-:*:*:*:*:*:*:*", matchCriteriaId: "0602DEEA-AE39-4A44-9D78-6623943DDCD6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "1F7747CD-757E-4B36-8F23-7588183948A7", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", matchCriteriaId: "C1EE2F10-A7A6-486F-AE5C-53AE25BAF200", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "BB5A494F-2EAB-4647-9A45-5CB0C382E099", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*", matchCriteriaId: "F56C2BDC-928E-491A-8E7C-F976B3787C7A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "98C894B9-C62A-4689-9DA4-D9A3795B8CE5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*", matchCriteriaId: "783B50B8-2FB7-4982-88AA-B4F2AD094796", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "7A46FF27-6B0D-4606-9D7B-45912556416F", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*", matchCriteriaId: "1256EB4B-DD8A-4F99-AE69-F74E8F789C63", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "D5B1898E-CB50-429B-9609-DC27C33C5C37", versionEndExcluding: "2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*", matchCriteriaId: "C1D94BEB-BBFB-4258-9835-87DBBB999239", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:siemens:sinumerik_one_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "296D097F-C7D2-4D12-8621-E0D1CAE64FA1", versionEndExcluding: "2.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:siemens:sinumerik_one:-:*:*:*:*:*:*:*", matchCriteriaId: "AE30FFDF-5494-400D-8F88-954A6B1503B9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.", }, { lang: "es", value: "Se encontró un fallo en múltiples versiones de OpenvSwitch. Los paquetes LLDP especialmente diseñados pueden causar que una memoria se pierda cuando se asignan datos para manejar TLV opcionales específicos, potencialmente causando una denegación de servicio. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema", }, ], id: "CVE-2020-27827", lastModified: "2024-11-21T05:21:53.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-18T17:15:13.510", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1921438", }, { source: "secalert@redhat.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/", }, { source: "secalert@redhat.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Mitigation", "Vendor Advisory", ], url: "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html", }, { source: "secalert@redhat.com", url: "https://security.gentoo.org/glsa/202311-16", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1921438", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-941426.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3T5XHPOGIPWCRRPJUE6P3HVC5PTSD5JS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYA4AMJXCNF6UPFG36L2TPPT32C242SP/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKQWHG2SZJZSGC7PXVDAEJYBN7ESDR7D/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Vendor Advisory", ], url: "https://mail.openvswitch.org/pipermail/ovs-dev/2021-January/379471.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202311-16", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-07", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-400", }, ], source: "secalert@redhat.com", type: "Primary", }, ], }