Simatic Hmi Basic Panels 2nd Generation Firmware

simatic_hmi_basic_panels_2nd_generation_firmware

Vendor: Siemens • 2 CVEs

CVEs (2)

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-3449

12Checkpoint

DebianFedoraproject+9 more

106Active Iq Unified Manager

Capture ClientCloud Volumes Ontap Mediator+103 more

Nov 21, 2024

Mar 25, 2021

N/A· v4

5.9 MEDIUM· v3

4.3 MEDIUM· v2

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).Show less

CVE-2020-15786

1Siemens

4Simatic Hmi Basic Panels 2nd Generation Firmware

Simatic Hmi Comfort Panels FirmwareSimatic Hmi Mobile Panels Firmware+1 more

Jun 2, 2026

Sep 9, 2020

N/A· v4

9.8 CRITICAL· v3

5.0 MEDIUM· v2

A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Generation (incl. SIPLUS variants) (All versions < V16), SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions <= V16), SIMATIC HMI Mobile Panels (All versions <= V16), SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently block excessive authentication attempts. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack.Show less