Simatic Net Cp 1545 1 Firmware

simatic_net_cp_1545-1_firmware

Vendor: Siemens • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-41991 4Debian FedoraprojectSiemens+1 more 25Cp 1543 1 Firmware Debian LinuxFedora+22 more Nov 21, 2024 Oct 18, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The...Show more The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.Show less
CVE-2021-3449 12Checkpoint DebianFedoraproject+9 more 106Active Iq Unified Manager Capture ClientCloud Volumes Ontap Mediator+103 more Nov 21, 2024 Mar 25, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the...Show more An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).Show less
CVE-2020-27827 5Fedoraproject Lldpd ProjectOpenvswitch+2 more 17Enterprise Linux FedoraLldpd+14 more Dec 3, 2025 Mar 18, 2021 N/A· v4 7.5 HIGH· v3 7.1 HIGH· v2 A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest...Show more A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability.Show less
CVE-2020-9273 5Debian FedoraprojectOpensuse+2 more 7Backports Sle Debian LinuxFedora+4 more Nov 21, 2024 Feb 20, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution.
CVE-2020-9272 3Opensuse ProftpdSiemens 5Backports Sle LeapProftpd+2 more Nov 21, 2024 Feb 20, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.