← Back

Simatic Process Historian Opc Ua Server Firmware

simatic_process_historian_opc_ua_server_firmware

Vendor: Siemens • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-40142
2Opcfoundation
Siemens
7Local Discover Server
Simatic Net PcSimatic Process Historian Opc Ua Server Firmware+4 more
Nov 21, 2024
Aug 27, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a B...Show more
In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.Show less
CVE-2021-3449
12Checkpoint
DebianFedoraproject+9 more
106Active Iq Unified Manager
Capture ClientCloud Volumes Ontap Mediator+103 more
Nov 21, 2024
Mar 25, 2021
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the...Show more
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).Show less