CVE-2021-3449 - Vulnerability Details

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.10188.

Key SSVC decision points have not yet been added.

Vendors	Products
Checkpoint Subscribe	Multi-domain Management Subscribe Multi-domain Management Firmware Subscribe Quantum Security Gateway Subscribe Quantum Security Gateway Firmware Subscribe Quantum Security Management Subscribe Quantum Security Management Firmware Subscribe
Debian Subscribe	Debian Linux Subscribe
Fedoraproject Subscribe	Fedora Subscribe
Freebsd Subscribe	Freebsd Subscribe
Mcafee Subscribe	Web Gateway Subscribe Web Gateway Cloud Service Subscribe
Netapp Subscribe	Active Iq Unified Manager Subscribe Cloud Volumes Ontap Mediator Subscribe E-series Performance Analyzer Subscribe Oncommand Insight Subscribe Oncommand Workflow Automation Subscribe Ontap Select Deploy Administration Utility Subscribe Santricity Smi-s Provider Subscribe Snapcenter Subscribe Storagegrid Subscribe
Nodejs Subscribe	Node.js Subscribe
Openssl Subscribe	Openssl Subscribe
Oracle Subscribe	Communications Communications Policy Management Subscribe Enterprise Manager For Storage Management Subscribe Essbase Subscribe Graalvm Subscribe Jd Edwards Enterpriseone Tools Subscribe Jd Edwards World Security Subscribe Mysql Connectors Subscribe Mysql Server Subscribe Mysql Workbench Subscribe Peoplesoft Enterprise Peopletools Subscribe Primavera Unifier Subscribe Secure Backup Subscribe Secure Global Desktop Subscribe Zfs Storage Appliance Kit Subscribe
Redhat Subscribe	Enterprise Linux Subscribe Jboss Core Services Subscribe Jboss Enterprise Web Server Subscribe Rhel Eus Subscribe Rhev Hypervisor Subscribe
Siemens Subscribe	Ruggedcom Rcm1224 Subscribe Ruggedcom Rcm1224 Firmware Subscribe Scalance Lpe9403 Subscribe Scalance Lpe9403 Firmware Subscribe Scalance M-800 Subscribe Scalance M-800 Firmware Subscribe Scalance S602 Subscribe Scalance S602 Firmware Subscribe Scalance S612 Subscribe Scalance S612 Firmware Subscribe Scalance S615 Subscribe Scalance S615 Firmware Subscribe Scalance S623 Subscribe Scalance S623 Firmware Subscribe Scalance S627-2m Subscribe Scalance S627-2m Firmware Subscribe Scalance Sc-600 Subscribe Scalance Sc-600 Firmware Subscribe Scalance W1700 Subscribe Scalance W1700 Firmware Subscribe Scalance W700 Subscribe Scalance W700 Firmware Subscribe Scalance Xb-200 Subscribe Scalance Xb-200 Firmware Subscribe Scalance Xc-200 Subscribe Scalance Xc-200 Firmware Subscribe Scalance Xf-200ba Subscribe Scalance Xf-200ba Firmware Subscribe Scalance Xm-400 Subscribe Scalance Xm-400 Firmware Subscribe Scalance Xp-200 Subscribe Scalance Xp-200 Firmware Subscribe Scalance Xr-300wg Subscribe Scalance Xr-300wg Firmware Subscribe Scalance Xr524-8c Subscribe Scalance Xr524-8c Firmware Subscribe Scalance Xr526-8c Subscribe Scalance Xr526-8c Firmware Subscribe Scalance Xr528-6m Subscribe Scalance Xr528-6m Firmware Subscribe Scalance Xr552-12 Subscribe Scalance Xr552-12 Firmware Subscribe Simatic Cloud Connect 7 Subscribe Simatic Cloud Connect 7 Firmware Subscribe Simatic Cp 1242-7 Gprs V2 Subscribe Simatic Cp 1242-7 Gprs V2 Firmware Subscribe Simatic Hmi Basic Panels 2nd Generation Subscribe Simatic Hmi Basic Panels 2nd Generation Firmware Subscribe Simatic Hmi Comfort Outdoor Panels Subscribe Simatic Hmi Comfort Outdoor Panels Firmware Subscribe Simatic Hmi Ktp Mobile Panels Subscribe Simatic Hmi Ktp Mobile Panels Firmware Subscribe Simatic Logon Subscribe Simatic Mv500 Subscribe Simatic Mv500 Firmware Subscribe Simatic Net Cp1243-7 Lte Eu Subscribe Simatic Net Cp1243-7 Lte Eu Firmware Subscribe Simatic Net Cp1243-7 Lte Us Subscribe Simatic Net Cp1243-7 Lte Us Firmware Subscribe Simatic Net Cp 1243-1 Subscribe Simatic Net Cp 1243-1 Firmware Subscribe Simatic Net Cp 1243-8 Irc Subscribe Simatic Net Cp 1243-8 Irc Firmware Subscribe Simatic Net Cp 1542sp-1 Irc Subscribe Simatic Net Cp 1542sp-1 Irc Firmware Subscribe Simatic Net Cp 1543-1 Subscribe Simatic Net Cp 1543-1 Firmware Subscribe Simatic Net Cp 1543sp-1 Subscribe Simatic Net Cp 1543sp-1 Firmware Subscribe Simatic Net Cp 1545-1 Subscribe Simatic Net Cp 1545-1 Firmware Subscribe Simatic Pcs 7 Telecontrol Subscribe Simatic Pcs 7 Telecontrol Firmware Subscribe Simatic Pcs Neo Subscribe Simatic Pcs Neo Firmware Subscribe Simatic Pdm Subscribe Simatic Pdm Firmware Subscribe Simatic Process Historian Opc Ua Server Subscribe Simatic Process Historian Opc Ua Server Firmware Subscribe Simatic Rf166c Subscribe Simatic Rf166c Firmware Subscribe Simatic Rf185c Subscribe Simatic Rf185c Firmware Subscribe Simatic Rf186c Subscribe Simatic Rf186c Firmware Subscribe Simatic Rf186ci Subscribe Simatic Rf186ci Firmware Subscribe Simatic Rf188c Subscribe Simatic Rf188c Firmware Subscribe Simatic Rf188ci Subscribe Simatic Rf188ci Firmware Subscribe Simatic Rf360r Subscribe Simatic Rf360r Firmware Subscribe Simatic S7-1200 Cpu 1211c Subscribe Simatic S7-1200 Cpu 1211c Firmware Subscribe Simatic S7-1200 Cpu 1212c Subscribe Simatic S7-1200 Cpu 1212c Firmware Subscribe Simatic S7-1200 Cpu 1212fc Subscribe Simatic S7-1200 Cpu 1212fc Firmware Subscribe Simatic S7-1200 Cpu 1214 Fc Subscribe Simatic S7-1200 Cpu 1214 Fc Firmware Subscribe Simatic S7-1200 Cpu 1214c Subscribe Simatic S7-1200 Cpu 1214c Firmware Subscribe Simatic S7-1200 Cpu 1215 Fc Subscribe Simatic S7-1200 Cpu 1215 Fc Firmware Subscribe Simatic S7-1200 Cpu 1215c Subscribe Simatic S7-1200 Cpu 1215c Firmware Subscribe Simatic S7-1200 Cpu 1217c Subscribe Simatic S7-1200 Cpu 1217c Firmware Subscribe Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp Subscribe Simatic S7-1500 Cpu 1518-4 Pn\/dp Mfp Firmware Subscribe Simatic Wincc Runtime Advanced Subscribe Simatic Wincc Telecontrol Subscribe Sinamics Connect 300 Subscribe Sinamics Connect 300 Firmware Subscribe Sinec Infrastructure Network Services Subscribe Sinec Nms Subscribe Sinec Pni Subscribe Sinema Server Subscribe Sinumerik Opc Ua Server Subscribe Tia Administrator Subscribe Tim 1531 Irc Subscribe Tim 1531 Irc Firmware Subscribe
Sonicwall Subscribe	Capture Client Subscribe Sma100 Subscribe Sma100 Firmware Subscribe Sonicos Subscribe
Tenable Subscribe	Log Correlation Engine Subscribe Nessus Subscribe Nessus Network Monitor Subscribe Tenable.sc Subscribe

Configuration 1 [-]

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:freebsd:freebsd:12.2:-::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p2::::::

Configuration 4 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:::::::*
	cpe:2.3:a:netapp:e-series_performance_analyzer:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:santricity_smi-s_provider:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*
	cpe:2.3:a:netapp:storagegrid:-:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:tenable:log_correlation_engine::::::::
	cpe:2.3:a:tenable:nessus::::::::
	cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:::::::*
	cpe:2.3:a:tenable:tenable.sc::::::::

Configuration 6 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 7 [-]

OR	cpe:2.3:a:mcafee:web_gateway:8.2.19:::::::*
	cpe:2.3:a:mcafee:web_gateway:9.2.10:::::::*
	cpe:2.3:a:mcafee:web_gateway:10.1.1:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:::::::*

Configuration 8 [-]

AND

OR	cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:::::::*

cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:::::::*

cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:::::::*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 11 [-]

OR	cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:::::::*
	cpe:2.3:a:oracle:essbase:21.2:::::::*
	cpe:2.3:a:oracle:graalvm:19.3.5::::enterprise:::
	cpe:2.3:a:oracle:graalvm:20.3.1.2::::enterprise:::
	cpe:2.3:a:oracle:graalvm:21.0.0.2::::enterprise:::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
	cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
	cpe:2.3:a:oracle:mysql_connectors::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_workbench::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
	cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
	cpe:2.3:a:oracle:secure_backup::::::::
	cpe:2.3:a:oracle:secure_global_desktop:5.6:::::::*
	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

Configuration 12 [-]

AND

cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*

Configuration 13 [-]

OR	cpe:2.3:a:sonicwall:capture_client:3.5:::::::*
	cpe:2.3:o:sonicwall:sonicos:7.0.1.0:::::::*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_rcm1224:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:siemens:scalance_w1700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1700:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr552-12:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

OR	cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware::::::::
	cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:::::::*

cpe:2.3:h:siemens:simatic_cloud_connect_7:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

OR	cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware::::::::
	cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:::::::*

cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:siemens:simatic_mv500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv500:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND

cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND

cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND

cpe:2.3:o:siemens:simatic_pcs_neo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pcs_neo:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND

cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND

cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND

cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND

cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND

cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND

cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND

cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND

cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND

cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*

Configuration 63 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 64 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 65 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 66 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*

Configuration 67 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 68 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*

Configuration 69 [-]

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp:-:*:*:*:*:*:*:*

Configuration 70 [-]

AND

cpe:2.3:o:siemens:sinamics_connect_300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_connect_300:-:*:*:*:*:*:*:*

Configuration 71 [-]

AND

cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 72 [-]

OR	cpe:2.3:a:siemens:simatic_logon::::::::
	cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::
	cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:::::::*
	cpe:2.3:a:siemens:sinec_nms:1.0:-::::::
	cpe:2.3:a:siemens:sinec_nms:1.0:sp1::::::
	cpe:2.3:a:siemens:sinec_pni:-:::::::*
	cpe:2.3:a:siemens:sinema_server:14.0:-::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp1::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2::::::
	cpe:2.3:a:siemens:sinumerik_opc_ua_server::::::::
	cpe:2.3:a:siemens:tia_administrator::::::::

Configuration 73 [-]

cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

Configuration 74 [-]

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

Package	CPE	Advisory	Released Date
JBCS 2.4.37 SP7
openssl	cpe:/a:redhat:jboss_core_services:1	RHSA-2021:1200	2021-04-14T00:00:00Z
JBoss Core Services on RHEL 7
jbcs-httpd24-httpd-0:2.4.37-70.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-mod_cluster-native-0:1.3.14-20.Final_redhat_2.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-mod_http2-0:1.15.7-14.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-mod_jk-0:1.2.48-13.redhat_1.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-mod_md-1:2.0.8-33.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-mod_security-0:2.9.2-60.GA.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-nghttp2-0:1.39.2-37.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-openssl-1:1.1.1g-6.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-openssl-chil-0:1.0.0-5.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
jbcs-httpd24-openssl-pkcs11-0:0.4.10-20.jbcs.el7	cpe:/a:redhat:jboss_core_services:1::el7	RHSA-2021:1199	2021-04-14T00:00:00Z
Red Hat Enterprise Linux 8
openssl-1:1.1.1g-15.el8_3	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:1024	2021-03-30T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
openssl-1:1.1.1c-5.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2021:1131	2021-04-07T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
openssl-1:1.1.1c-18.el8_2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2021:1063	2021-04-05T00:00:00Z
Red Hat JBoss Web Server 3.1
	cpe:/a:redhat:jboss_enterprise_web_server:3.1	RHSA-2021:1203	2021-04-14T00:00:00Z
Red Hat JBoss Web Server 3 for RHEL 7
tomcat-native-0:1.2.23-24.redhat_24.ep7.el7	cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7	RHSA-2021:1202	2021-04-14T00:00:00Z
Red Hat JBoss Web Server 5
	cpe:/a:redhat:jboss_enterprise_web_server:5.4	RHSA-2021:1196	2021-04-14T00:00:00Z
Red Hat JBoss Web Server 5.4 on RHEL 7
jws5-tomcat-native-0:1.2.25-4.redhat_4.el7jws	cpe:/a:redhat:jboss_enterprise_web_server:5.4::el7	RHSA-2021:1195	2021-04-14T00:00:00Z
Red Hat JBoss Web Server 5.4 on RHEL 8
jws5-tomcat-native-0:1.2.25-4.redhat_4.el8jws	cpe:/a:redhat:jboss_enterprise_web_server:5.4::el8	RHSA-2021:1195	2021-04-14T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.5-20210330.0.el8_3	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2021:1189	2021-04-14T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-2751-1	postgresql-9.6 security update
Debian DSA	DSA-4875-1	openssl security update
EUVD	EUVD-2021-1628	An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
Github GHSA	GHSA-83mx-573x-5rw9	openssl-src NULL pointer Dereference in signature_algorithms processing
Ubuntu USN	USN-4891-1	OpenSSL vulnerability
Ubuntu USN	USN-5038-1	PostgreSQL vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2021/03/27/1
http://www.openwall.com/lists/oss-security/2021/03/27/2
http://www.openwall.com/lists/oss-security/2021/03/28/3
http://www.openwall.com/lists/oss-security/2021/03/28/4
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845
https://kc.mcafee.com/corporate/index?page=content&id=SB10356
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://nvd.nist.gov/vuln/detail/CVE-2021-3449
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc
https://security.gentoo.org/glsa/202103-03
https://security.netapp.com/advisory/ntap-20210326-0006/
https://security.netapp.com/advisory/ntap-20210513-0002/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
https://www.cve.org/CVERecord?id=CVE-2021-3449
https://www.debian.org/security/2021/dsa-4875
https://www.openssl.org/news/secadv/20210325.txt
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-05
https://www.tenable.com/security/tns-2021-06
https://www.tenable.com/security/tns-2021-09
https://www.tenable.com/security/tns-2021-10

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: openssl

Published: 2021-03-25T14:25:13.659307Z

Updated: 2024-09-17T03:43:55.497Z

Reserved: 2021-03-17T00:00:00

Link: CVE-2021-3449

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-03-25T15:15:13.450

Modified: 2024-11-21T06:21:33.050

Link: CVE-2021-3449

Redhat

Severity : Important

Publid Date: 2021-03-25T00:00:00Z

Links: CVE-2021-3449 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object