CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2021-31340
https://notcve.org/view.php?id=CVE-2021-31340
A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. Se ha identificado una vulnerabilidad en SIMATIC RF166C (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF185C (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF186C (Todas las versiones posteriores a V1. 1 y y anteriores a V1.3.2), SIMATIC RF186CI (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF188C (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF188CI (Todas las versiones posteriores a V1.1 y y anteriores a V1.3. 2), SIMATIC RF360R (Todas las versiones y anteriores a V2.0), SIMATIC Reader RF610R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF610R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF610R FCC (Todas las versiones posteriores a V3. 0 y anteriores a V4.0), Lector SIMATIC RF615R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF615R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF615R FCC (Todas las versiones posteriores a V3. 0 y anteriores a V4.0), Lector SIMATIC RF650R ARIB (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF650R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF650R ETSI (Todas las versiones posteriores a V3. 0 y anteriores a V4.0), Lector SIMATIC RF650R FCC (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF680R ARIB (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF680R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4. 0), SIMATIC Reader RF680R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF680R FCC (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF685R ARIB (Todas las versiones posteriores a V3.0 y anteriores a V4. 0), SIMATIC Reader RF685R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF685R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF685R FCC (Todas las versiones posteriores a V3.0 y anteriores a V4.0). Los dispositivos afectados no manejan adecuadamente un gran número de conexiones entrantes. • https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 205EXPL: 0CVE-2021-3449 – NULL pointer deref in signature_algorithms processing
https://notcve.org/view.php?id=CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •