4 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. Se ha identificado una vulnerabilidad en SIMATIC RF166C (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF185C (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF186C (Todas las versiones posteriores a V1. 1 y y anteriores a V1.3.2), SIMATIC RF186CI (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF188C (Todas las versiones posteriores a V1.1 y y anteriores a V1.3.2), SIMATIC RF188CI (Todas las versiones posteriores a V1.1 y y anteriores a V1.3. 2), SIMATIC RF360R (Todas las versiones y anteriores a V2.0), SIMATIC Reader RF610R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF610R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF610R FCC (Todas las versiones posteriores a V3. 0 y anteriores a V4.0), Lector SIMATIC RF615R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF615R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF615R FCC (Todas las versiones posteriores a V3. 0 y anteriores a V4.0), Lector SIMATIC RF650R ARIB (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF650R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF650R ETSI (Todas las versiones posteriores a V3. 0 y anteriores a V4.0), Lector SIMATIC RF650R FCC (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF680R ARIB (Todas las versiones posteriores a V3.0 y anteriores a V4.0), Lector SIMATIC RF680R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4. 0), SIMATIC Reader RF680R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF680R FCC (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF685R ARIB (Todas las versiones posteriores a V3.0 y anteriores a V4. 0), SIMATIC Reader RF685R CMIIT (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF685R ETSI (Todas las versiones posteriores a V3.0 y anteriores a V4.0), SIMATIC Reader RF685R FCC (Todas las versiones posteriores a V3.0 y anteriores a V4.0). Los dispositivos afectados no manejan adecuadamente un gran número de conexiones entrantes. • https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.9EPSS: 0%CPEs: 205EXPL: 0

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. • http://www.openwall.com/lists/oss-security/2021/03/27/1 http://www.openwall.com/lists/oss-security/2021/03/27/2 http://www.openwall.com/lists/oss-security/2021/03/28/3 http://www.openwall.com/lists/oss-security/2021/03/28/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 https://kb.pulse • CWE-476: NULL Pointer Dereference •

CVSS: 7.8EPSS: 0%CPEs: 68EXPL: 0

A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. • https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 125EXPL: 0

The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. SIPLUS), paneles exteriores SIMATIC HMI Comfort de 7" y 15" (incl. variantes SIPLUS), paneles SIMATIC HMI Comfort de 4" - 22" (incl. variantes SIPLUS), paneles SIMATIC ET 200SP Open Controller CPU 1515SP PC SIPLUS), paneles móviles SIMATIC HMI KTP KTP400F, KTP700, KTP700F, KTP900 y KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, familia SIMATIC RF600R, familia de CPUs SIMATIC S7-1500 (incl. • https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf • CWE-125: Out-of-bounds Read •