Simatic Logon

simatic_logon

Vendor: Siemens • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-3449 12Checkpoint DebianFedoraproject+9 more 106Active Iq Unified Manager Capture ClientCloud Volumes Ontap Mediator+103 more Nov 21, 2024 Mar 25, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the...Show more An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).Show less
CVE-2017-9938 1Siemens 1Simatic Logon May 13, 2026 Aug 8, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service...Show more A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.Show less
CVE-2017-2684 1Siemens 1Simatic Logon May 13, 2026 Feb 22, 2017 N/A· v4 9.0 CRITICAL· v3 6.8 MEDIUM· v2 Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.