CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/03/27/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/27/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/28/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/28/4	Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf	Patch Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845	Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10356	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013	Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc	Third Party Advisory
https://security.gentoo.org/glsa/202103-03	Third Party Advisory
https://security.netapp.com/advisory/ntap-20210326-0006/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20210513-0002/	Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd	Third Party Advisory
https://www.debian.org/security/2021/dsa-4875	Third Party Advisory
https://www.openssl.org/news/secadv/20210325.txt	Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
https://www.tenable.com/security/tns-2021-05	Third Party Advisory
https://www.tenable.com/security/tns-2021-06	Third Party Advisory
https://www.tenable.com/security/tns-2021-09	Third Party Advisory
https://www.tenable.com/security/tns-2021-10	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:freebsd:freebsd:12.2:-::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p2::::::

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:::::::*
	cpe:2.3:a:netapp:e-series_performance_analyzer:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:santricity_smi-s_provider:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*
	cpe:2.3:a:netapp:storagegrid:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:tenable:log_correlation_engine::::::::
	cpe:2.3:a:tenable:nessus::::::::
	cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:::::::*
	cpe:2.3:a:tenable:tenable.sc::::::::

Configuration 6 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:mcafee:web_gateway:8.2.19:::::::*
	cpe:2.3:a:mcafee:web_gateway:9.2.10:::::::*
	cpe:2.3:a:mcafee:web_gateway:10.1.1:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:::::::*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:::::::*

cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:::::::*

cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:::::::*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 11 (hide)

OR	cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:::::::*
	cpe:2.3:a:oracle:essbase:21.2:::::::*
	cpe:2.3:a:oracle:graalvm:19.3.5::::enterprise:::
	cpe:2.3:a:oracle:graalvm:20.3.1.2::::enterprise:::
	cpe:2.3:a:oracle:graalvm:21.0.0.2::::enterprise:::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
	cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
	cpe:2.3:a:oracle:mysql_connectors::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_workbench::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
	cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
	cpe:2.3:a:oracle:secure_backup::::::::
	cpe:2.3:a:oracle:secure_global_desktop:5.6:::::::*
	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*

Configuration 12 (hide)

AND

cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*

Configuration 13 (hide)

OR	cpe:2.3:a:sonicwall:capture_client:3.5:::::::*
	cpe:2.3:o:sonicwall:sonicos:7.0.1.0:::::::*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_rcm1224:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:scalance_w1700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1700:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr552-12:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

OR	cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware::::::::
	cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:::::::*

cpe:2.3:h:siemens:simatic_cloud_connect_7:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

OR	cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware::::::::
	cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:::::::*

cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:siemens:simatic_mv500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv500:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND

cpe:2.3:o:siemens:simatic_pcs_neo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pcs_neo:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND

cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND

cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:*

Configuration 53 (hide)

AND

cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*

Configuration 54 (hide)

AND

cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*

Configuration 55 (hide)

AND

cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*

Configuration 56 (hide)

AND

cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*

Configuration 57 (hide)

AND

cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*

Configuration 58 (hide)

AND

cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*

Configuration 59 (hide)

AND

cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*

Configuration 60 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 61 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 62 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*

Configuration 63 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 64 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 65 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 66 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*

Configuration 67 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 68 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*

Configuration 69 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp:-:*:*:*:*:*:*:*

Configuration 70 (hide)

AND

cpe:2.3:o:siemens:sinamics_connect_300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_connect_300:-:*:*:*:*:*:*:*

Configuration 71 (hide)

AND

cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 72 (hide)

OR	cpe:2.3:a:siemens:simatic_logon::::::::
	cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1::::::
	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::
	cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:::::::*
	cpe:2.3:a:siemens:sinec_nms:1.0:-::::::
	cpe:2.3:a:siemens:sinec_nms:1.0:sp1::::::
	cpe:2.3:a:siemens:sinec_pni:-:::::::*
	cpe:2.3:a:siemens:sinema_server:14.0:-::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp1::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2::::::
	cpe:2.3:a:siemens:sinumerik_opc_ua_server::::::::
	cpe:2.3:a:siemens:tia_administrator::::::::

Configuration 73 (hide)

cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

Configuration 74 (hide)

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

History

21 Jun 2024, 19:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240621-0006/ -

07 Nov 2023, 03:38

Type	Values Removed	Values Added
References	{'url': 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148', 'name': 'https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148', 'tags': ['Mailing List', 'Patch', 'Vendor Advisory'], 'refsource': 'CONFIRM'} {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/', 'name': 'FEDORA-2021-cbf14ab8f9', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}	() https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ - () https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 -

Information

Published : 2021-03-25 15:15

Updated : 2024-06-21 19:15

NVD link : CVE-2021-3449

Mitre link : CVE-2021-3449

CVE.ORG link : CVE-2021-3449

JSON object : View

Products Affected

siemens

simatic_net_cp1243-7_lte_us
simatic_s7-1200_cpu_1214c
simatic_s7-1200_cpu_1214_fc_firmware
simatic_process_historian_opc_ua_server
sinec_nms
simatic_hmi_comfort_outdoor_panels
scalance_xr-300wg_firmware
scalance_xr524-8c_firmware
scalance_s627-2m
scalance_s615_firmware
scalance_s615
scalance_s612_firmware
scalance_xr-300wg
sinamics_connect_300
scalance_sc-600
simatic_net_cp_1543sp-1
simatic_s7-1200_cpu_1212c_firmware
scalance_s623_firmware
scalance_xc-200_firmware
simatic_net_cp_1545-1_firmware
scalance_w1700
scalance_xp-200
simatic_net_cp_1543-1
simatic_rf186c
simatic_s7-1200_cpu_1215c_firmware
simatic_s7-1200_cpu_1214_fc
sinamics_connect_300_firmware
simatic_cp_1242-7_gprs_v2_firmware
scalance_sc-600_firmware
scalance_xr552-12
simatic_cloud_connect_7_firmware
simatic_logon
scalance_lpe9403
simatic_net_cp_1543-1_firmware
simatic_process_historian_opc_ua_server_firmware
sinema_server
simatic_net_cp_1243-8_irc_firmware
simatic_pdm_firmware
sinumerik_opc_ua_server
scalance_xr552-12_firmware
simatic_s7-1200_cpu_1211c_firmware
simatic_rf188c_firmware
scalance_xr526-8c_firmware
scalance_xc-200
simatic_rf188ci
simatic_pdm
simatic_net_cp_1542sp-1_irc_firmware
simatic_hmi_basic_panels_2nd_generation_firmware
simatic_s7-1200_cpu_1211c
simatic_s7-1200_cpu_1217c_firmware
scalance_xb-200_firmware
scalance_xb-200
scalance_xm-400
simatic_net_cp_1243-1_firmware
simatic_hmi_comfort_outdoor_panels_firmware
simatic_rf188c
simatic_cloud_connect_7
simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware
scalance_xp-200_firmware
tim_1531_irc_firmware
simatic_net_cp1243-7_lte_eu
simatic_hmi_ktp_mobile_panels_firmware
simatic_net_cp_1243-1
scalance_xr528-6m
simatic_s7-1200_cpu_1215_fc
scalance_s623
simatic_rf166c_firmware
simatic_s7-1500_cpu_1518-4_pn\/dp_mfp
scalance_m-800
sinec_infrastructure_network_services
scalance_w700_firmware
simatic_s7-1200_cpu_1212fc
simatic_rf188ci_firmware
simatic_s7-1200_cpu_1215_fc_firmware
simatic_pcs_7_telecontrol_firmware
scalance_s627-2m_firmware
simatic_cp_1242-7_gprs_v2
scalance_xr526-8c
scalance_s602
scalance_xr528-6m_firmware
simatic_rf166c
ruggedcom_rcm1224_firmware
scalance_w700
simatic_net_cp1243-7_lte_us_firmware
simatic_rf186ci
simatic_pcs_neo
scalance_s602_firmware
simatic_wincc_telecontrol
ruggedcom_rcm1224
scalance_xf-200ba_firmware
simatic_net_cp_1543sp-1_firmware
scalance_lpe9403_firmware
simatic_rf185c
simatic_mv500
simatic_rf360r_firmware
simatic_hmi_basic_panels_2nd_generation
simatic_mv500_firmware
simatic_rf185c_firmware
simatic_s7-1200_cpu_1212c
simatic_net_cp_1243-8_irc
simatic_s7-1200_cpu_1214c_firmware
tia_administrator
simatic_rf186ci_firmware
simatic_rf360r
scalance_xf-200ba
simatic_net_cp1243-7_lte_eu_firmware
scalance_m-800_firmware
sinec_pni
simatic_net_cp_1545-1
simatic_s7-1200_cpu_1215c
simatic_s7-1200_cpu_1212fc_firmware
simatic_wincc_runtime_advanced
simatic_rf186c_firmware
scalance_xm-400_firmware
simatic_pcs_neo_firmware
simatic_net_cp_1542sp-1_irc
simatic_pcs_7_telecontrol
tim_1531_irc
scalance_xr524-8c
scalance_w1700_firmware
simatic_hmi_ktp_mobile_panels
simatic_s7-1200_cpu_1217c
scalance_s612

oracle

mysql_workbench
mysql_connectors
essbase
enterprise_manager_for_storage_management
peoplesoft_enterprise_peopletools
zfs_storage_appliance_kit
jd_edwards_world_security
graalvm
secure_backup
mysql_server
secure_global_desktop
communications_communications_policy_management
primavera_unifier
jd_edwards_enterpriseone_tools

checkpoint

quantum_security_management_firmware
multi-domain_management
quantum_security_management
quantum_security_gateway_firmware
quantum_security_gateway
multi-domain_management_firmware

tenable

nessus
nessus_network_monitor
tenable.sc
log_correlation_engine

mcafee

web_gateway_cloud_service
web_gateway

netapp

oncommand_workflow_automation
oncommand_insight
santricity_smi-s_provider
storagegrid
ontap_select_deploy_administration_utility
active_iq_unified_manager
snapcenter
cloud_volumes_ontap_mediator
e-series_performance_analyzer

nodejs

node.js

openssl

openssl

sonicwall

sma100
sma100_firmware
capture_client
sonicos

debian

debian_linux

fedoraproject

fedora

freebsd

freebsd

CWE

CWE-476

NULL Pointer Dereference

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-3449

5.9^/10

4.3^/10

Attach tags to `CVE-2021-3449`