Filtered by vendor Siemens Subscriptions
Filtered by product Simatic Mv500 Firmware Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3449 13 Checkpoint, Debian, Fedoraproject and 10 more 172 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 169 more 2024-09-17 5.9 Medium
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2020-28400 1 Siemens 157 Dk Standard Ethernet Controller Evaluation Kit, Dk Standard Ethernet Controller Evaluation Kit Firmware, Ek-ertec 200 Evaulation Kit and 154 more 2024-08-04 7.5 High
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device.