5.9
MEDIUM
CVE-2021-3449
OpenSSL TLS Server Denial of Service Vulnerability
Description

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

INFO

Published Date :

March 25, 2021, 3:15 p.m.

Last Modified :

June 21, 2024, 7:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

2.2
Public PoC/Exploit Available at Github

CVE-2021-3449 has a 29 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2021-3449 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Siemens sinec_infrastructure_network_services
2 Siemens scalance_m-800_firmware
3 Siemens scalance_s615_firmware
4 Siemens scalance_sc-600_firmware
5 Siemens simatic_net_cp_1243-1_firmware
6 Siemens simatic_net_cp_1243-8_irc_firmware
7 Siemens simatic_net_cp_1542sp-1_irc_firmware
8 Siemens simatic_net_cp_1543-1_firmware
9 Siemens simatic_net_cp_1543sp-1_firmware
10 Siemens simatic_rf185c_firmware
11 Siemens simatic_rf186c_firmware
12 Siemens simatic_rf186ci_firmware
13 Siemens simatic_rf188ci_firmware
14 Siemens simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware
15 Siemens scalance_xr524-8c_firmware
16 Siemens scalance_xr526-8c_firmware
17 Siemens scalance_xr528-6m_firmware
18 Siemens scalance_xp-200_firmware
19 Siemens scalance_xc-200_firmware
20 Siemens tia_administrator
21 Siemens tim_1531_irc_firmware
22 Siemens sinec_nms
23 Siemens simatic_cp_1242-7_gprs_v2_firmware
24 Siemens simatic_net_cp_1545-1_firmware
25 Siemens simatic_net_cp1243-7_lte_eu_firmware
26 Siemens scalance_xb-200_firmware
27 Siemens scalance_xf-200ba_firmware
28 Siemens scalance_xr-300wg_firmware
29 Siemens simatic_s7-1200_cpu_1211c_firmware
30 Siemens simatic_s7-1200_cpu_1212c_firmware
31 Siemens simatic_s7-1200_cpu_1214c_firmware
32 Siemens simatic_s7-1200_cpu_1215c_firmware
33 Siemens simatic_s7-1200_cpu_1217c_firmware
34 Siemens simatic_rf166c_firmware
35 Siemens simatic_rf188c_firmware
36 Siemens simatic_rf360r_firmware
37 Siemens scalance_xm-400_firmware
38 Siemens scalance_w700_firmware
39 Siemens scalance_w1700_firmware
40 Siemens simatic_mv500_firmware
41 Siemens simatic_pdm_firmware
42 Siemens sinema_server
43 Siemens simatic_wincc_runtime_advanced
44 Siemens scalance_lpe9403_firmware
45 Siemens simatic_s7-1200_cpu_1212fc_firmware
46 Siemens simatic_s7-1200_cpu_1214_fc_firmware
47 Siemens simatic_s7-1200_cpu_1215_fc_firmware
48 Siemens scalance_s602_firmware
49 Siemens scalance_s612_firmware
50 Siemens scalance_s623_firmware
51 Siemens scalance_s627-2m_firmware
52 Siemens simatic_hmi_ktp_mobile_panels_firmware
53 Siemens simatic_logon
54 Siemens ruggedcom_rcm1224_firmware
55 Siemens scalance_xr552-12_firmware
56 Siemens simatic_cloud_connect_7_firmware
57 Siemens simatic_hmi_basic_panels_2nd_generation_firmware
58 Siemens simatic_hmi_comfort_outdoor_panels_firmware
59 Siemens simatic_net_cp1243-7_lte_us_firmware
60 Siemens simatic_pcs_7_telecontrol_firmware
61 Siemens simatic_pcs_neo_firmware
62 Siemens simatic_process_historian_opc_ua_server_firmware
63 Siemens sinamics_connect_300_firmware
64 Siemens simatic_wincc_telecontrol
65 Siemens sinec_pni
66 Siemens sinumerik_opc_ua_server
67 Siemens scalance_s602
68 Siemens scalance_s612
69 Siemens scalance_s615
70 Siemens scalance_m-800
71 Siemens scalance_w700
72 Siemens scalance_w1700
73 Siemens scalance_xb-200
74 Siemens scalance_xc-200
75 Siemens scalance_xf-200ba
76 Siemens scalance_xp-200
77 Siemens scalance_xr-300wg
78 Siemens simatic_mv500
79 Siemens simatic_s7-1500_cpu_1518-4_pn\/dp_mfp
80 Siemens tim_1531_irc
81 Siemens ruggedcom_rcm1224
82 Siemens scalance_lpe9403
83 Siemens scalance_s623
84 Siemens scalance_s627-2m
85 Siemens scalance_sc-600
86 Siemens scalance_xm-400
87 Siemens scalance_xr524-8c
88 Siemens scalance_xr526-8c
89 Siemens scalance_xr528-6m
90 Siemens scalance_xr552-12
91 Siemens simatic_cloud_connect_7
92 Siemens simatic_cp_1242-7_gprs_v2
93 Siemens simatic_hmi_basic_panels_2nd_generation
94 Siemens simatic_hmi_comfort_outdoor_panels
95 Siemens simatic_hmi_ktp_mobile_panels
96 Siemens simatic_net_cp_1243-1
97 Siemens simatic_net_cp1243-7_lte_eu
98 Siemens simatic_net_cp1243-7_lte_us
99 Siemens simatic_net_cp_1243-8_irc
100 Siemens simatic_net_cp_1542sp-1_irc
101 Siemens simatic_net_cp_1543-1
102 Siemens simatic_net_cp_1543sp-1
103 Siemens simatic_net_cp_1545-1
104 Siemens simatic_pcs_7_telecontrol
105 Siemens simatic_pcs_neo
106 Siemens simatic_pdm
107 Siemens simatic_process_historian_opc_ua_server
108 Siemens simatic_rf166c
109 Siemens simatic_rf185c
110 Siemens simatic_rf186c
111 Siemens simatic_rf186ci
112 Siemens simatic_rf188c
113 Siemens simatic_rf188ci
114 Siemens simatic_rf360r
115 Siemens simatic_s7-1200_cpu_1211c
116 Siemens simatic_s7-1200_cpu_1212c
117 Siemens simatic_s7-1200_cpu_1212fc
118 Siemens simatic_s7-1200_cpu_1214_fc
119 Siemens simatic_s7-1200_cpu_1214c
120 Siemens simatic_s7-1200_cpu_1215_fc
121 Siemens simatic_s7-1200_cpu_1215c
122 Siemens simatic_s7-1200_cpu_1217c
123 Siemens sinamics_connect_300
1 Oracle zfs_storage_appliance_kit
2 Oracle peoplesoft_enterprise_peopletools
3 Oracle primavera_unifier
4 Oracle jd_edwards_enterpriseone_tools
5 Oracle mysql_workbench
6 Oracle essbase
7 Oracle secure_backup
8 Oracle secure_global_desktop
9 Oracle graalvm
10 Oracle mysql_server
11 Oracle mysql_connectors
12 Oracle enterprise_manager_for_storage_management
13 Oracle jd_edwards_world_security
14 Oracle communications_communications_policy_management
1 Netapp active_iq_unified_manager
2 Netapp ontap_select_deploy_administration_utility
3 Netapp oncommand_insight
4 Netapp oncommand_workflow_automation
5 Netapp snapcenter
6 Netapp storagegrid
7 Netapp santricity_smi-s_provider
8 Netapp e-series_performance_analyzer
9 Netapp cloud_volumes_ontap_mediator
1 Checkpoint quantum_security_management_firmware
2 Checkpoint multi-domain_management_firmware
3 Checkpoint quantum_security_gateway_firmware
4 Checkpoint quantum_security_gateway
5 Checkpoint quantum_security_management
6 Checkpoint multi-domain_management
1 Tenable tenable.sc
2 Tenable nessus
3 Tenable log_correlation_engine
4 Tenable nessus_network_monitor
1 Sonicwall sonicos
2 Sonicwall sma100_firmware
3 Sonicwall capture_client
4 Sonicwall sma100
1 Mcafee web_gateway
2 Mcafee web_gateway_cloud_service
1 Fedoraproject fedora
1 Debian debian_linux
1 Openssl openssl
1 Freebsd freebsd
1 Nodejs node.js
: Total Affected Vendor : 12 | Products : 167
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-3449.

URL Resource
http://www.openwall.com/lists/oss-security/2021/03/27/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/27/2 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/28/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/28/4 Mailing List Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf Patch Third Party Advisory
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10356 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc Third Party Advisory
https://security.gentoo.org/glsa/202103-03 Third Party Advisory
https://security.netapp.com/advisory/ntap-20210326-0006/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20210513-0002/ Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd Third Party Advisory
https://www.debian.org/security/2021/dsa-4875 Third Party Advisory
https://www.openssl.org/news/secadv/20210325.txt Vendor Advisory
https://www.oracle.com//security-alerts/cpujul2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html Third Party Advisory
https://www.tenable.com/security/tns-2021-05 Third Party Advisory
https://www.tenable.com/security/tns-2021-06 Third Party Advisory
https://www.tenable.com/security/tns-2021-09 Third Party Advisory
https://www.tenable.com/security/tns-2021-10 Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
juwisnie/AZDevops-TrivyScan-Pipe

Based in https://github.com/arindam0310018/04-Apr-2022-DevOps__Scan-Images-In-ACR-Using-Trivy

Dockerfile HTML

Updated: 2 months ago
0 stars 0 fork 0 watcher
Born at : Sept. 19, 2024, 3:48 p.m. This repo has been linked 19 different CVEs too.
Profile Photo
NaInSec/CVE-PoC-in-GitHub

All CVE - PoC in GitHub

poc proofofconcept tester allcve cvegithub cvenew cvepoc cveupdate

Updated: 2 months, 3 weeks ago
5 stars 2 fork 2 watcher
Born at : March 22, 2024, 3:58 p.m. This repo has been linked 928 different CVEs too.
Profile Photo
fuzzing-peach/vul-and-poc

None

Shell Dockerfile C

Updated: 1 week, 6 days ago
0 stars 0 fork 0 watcher
Born at : March 20, 2024, 9:52 a.m. This repo has been linked 6 different CVEs too.
Profile Photo
zecool/cve

None

Updated: 8 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : March 11, 2024, 1:21 p.m. This repo has been linked 930 different CVEs too.
Profile Photo
fredrkl/trivy-demo

Demo repository showcasing some of the possibilities of Aqua Trivy.

cncf-demo trivy

Dockerfile Shell

Updated: 1 year, 3 months ago
0 stars 0 fork 0 watcher
Born at : May 6, 2023, 9:42 a.m. This repo has been linked 27 different CVEs too.
Profile Photo
gitchangye/cve

None

Makefile Go

Updated: 1 year, 6 months ago
0 stars 0 fork 0 watcher
Born at : May 4, 2023, 12:50 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
whoforget/CVE-POC

None

Updated: 1 year, 7 months ago
0 stars 2 fork 2 watcher
Born at : April 8, 2023, 6:19 a.m. This repo has been linked 923 different CVEs too.
Profile Photo
chnzzh/OpenSSL-CVE-lib

None

Updated: 2 months, 2 weeks ago
5 stars 0 fork 0 watcher
Born at : Feb. 23, 2023, 5:42 a.m. This repo has been linked 455 different CVEs too.
Profile Photo
k0mi-tg/CVE-POC

None

Updated: 9 months, 1 week ago
20 stars 3 fork 3 watcher
Born at : Feb. 14, 2023, 6:10 p.m. This repo has been linked 921 different CVEs too.
Profile Photo
WhooAmii/POC_to_review

None

Updated: 9 months ago
2 stars 2 fork 2 watcher
Born at : Nov. 25, 2022, 5:43 p.m. This repo has been linked 930 different CVEs too.
Profile Photo
anquanscan/sec-tools

None

Updated: 2 months, 2 weeks ago
17 stars 5 fork 5 watcher
Born at : July 28, 2022, 3:22 a.m. This repo has been linked 149 different CVEs too.
Profile Photo
tianocore-docs/ThirdPartySecurityAdvisories

Third party components security advisories

HTML CSS

Updated: 1 year, 4 months ago
1 stars 0 fork 0 watcher
Born at : July 18, 2022, 7:03 p.m. This repo has been linked 9 different CVEs too.
Profile Photo
thecyberbaby/Trivy-by-AquaSecurity

A security framework by Aquasecurity

Updated: 2 years, 4 months ago
0 stars 0 fork 0 watcher
Born at : June 22, 2022, 10:40 a.m. This repo has been linked 16 different CVEs too.
Profile Photo
soosmile/POC

None

Updated: 4 months, 3 weeks ago
8 stars 1 fork 1 watcher
Born at : June 21, 2022, 7:45 a.m. This repo has been linked 943 different CVEs too.
Profile Photo
FeFi7/attacking_embedded_linux

Git Repository for my Bachelor Thesis "Analysis of attack vectors for embedded Linux"

Makefile Dockerfile JavaScript Go Shell C BitBake BlitzBasic Smarty PHP

Updated: 10 months, 1 week ago
2 stars 0 fork 0 watcher
Born at : June 7, 2022, 12:19 p.m. This repo has been linked 3 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-3449 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-3449 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    Jun. 21, 2024

    Action Type Old Value New Value
    Added Reference OpenSSL Software Foundation https://security.netapp.com/advisory/ntap-20240621-0006/ [No types assigned]
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Added Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=fb9fa6b51defd48157eeb207f52181f735d96148 [No types assigned]
    Added Reference OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ [No types assigned]
    Removed Reference OpenSSL Software Foundation https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148
    Removed Reference OpenSSL Software Foundation https://lists.fedoraproject.org/archives/list/[email protected]/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/
  • Modified Analysis by [email protected]

    Aug. 29, 2022

    Action Type Old Value New Value
    Changed Reference Type https://www.oracle.com/security-alerts/cpuapr2022.html No Types Assigned https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory
    Changed Reference Type https://www.oracle.com/security-alerts/cpujul2022.html No Types Assigned https://www.oracle.com/security-alerts/cpujul2022.html Third Party Advisory
    Changed CPE Configuration OR *cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.6.0 *cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.33 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* *cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:* versions up to (excluding) 18.1.0.1.0 *cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* OR *cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:* *cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.6.0 *cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.33 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7 up to (including) 17.12 *cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:* *cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:* versions up to (excluding) 18.1.0.1.0 *cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 10.0.0 up to (including) 10.12.0 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 10.13.0 up to (including) 10.24.0 *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 12.0.0 up to (including) 12.12.0 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 12.13.0 up to (excluding) 12.22.1 *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 14.0.0 up to (including) 14.14.0 *cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* versions from (including) 14.15.0 up to (excluding) 14.16.1 *cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* versions from (including) 15.0.0 up to (excluding) 15.14.0
  • CVE Modified by [email protected]

    Jul. 25, 2022

    Action Type Old Value New Value
    Added Reference https://www.oracle.com/security-alerts/cpujul2022.html [No Types Assigned]
  • CVE Modified by [email protected]

    Apr. 20, 2022

    Action Type Old Value New Value
    Added Reference https://www.oracle.com/security-alerts/cpuapr2022.html [No Types Assigned]
  • Reanalysis by [email protected]

    Apr. 07, 2022

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.1 *cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1.1:*:*:*:*:*:*:* OR *cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.1
  • Modified Analysis by [email protected]

    Apr. 06, 2022

    Action Type Old Value New Value
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf Third Party Advisory
    Changed Reference Type https://www.oracle.com/security-alerts/cpuoct2021.html No Types Assigned https://www.oracle.com/security-alerts/cpuoct2021.html Third Party Advisory
    Changed CPE Configuration OR *cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.33 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* *cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* OR *cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* versions up to (excluding) 9.2.6.0 *cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:* *cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.33 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* *cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:* versions up to (excluding) 18.1.0.1.0 *cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:* versions up to (excluding) 1.0.1.1 *cpe:2.3:a:siemens:sinec_infrastructure_network_services:1.0.1.1:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Mar. 10, 2022

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 20, 2021

    Action Type Old Value New Value
    Added Reference https://www.oracle.com/security-alerts/cpuoct2021.html [No Types Assigned]
  • Modified Analysis by [email protected]

    Sep. 21, 2021

    Action Type Old Value New Value
    Changed Reference Type https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf No Types Assigned https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf Patch, Third Party Advisory
    Changed Reference Type https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 No Types Assigned https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 Third Party Advisory
    Changed Reference Type https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html No Types Assigned https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html Mailing List, Third Party Advisory
    Changed Reference Type https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 No Types Assigned https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 Third Party Advisory
    Changed Reference Type https://www.oracle.com//security-alerts/cpujul2021.html No Types Assigned https://www.oracle.com//security-alerts/cpujul2021.html Patch, Third Party Advisory
    Changed CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* OR *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Changed CPE Configuration OR *cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.33 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:* OR *cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:* *cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.33 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* *cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* *cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:* *cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:* versions from (including) 10.2.0.0 up to (excluding) 10.2.1.0-17sv OR cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:sonicwall:capture_client:3.5:*:*:*:*:*:*:* *cpe:2.3:o:sonicwall:sonicos:7.0.1.0:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:*:*:*:*:*:*:*:* versions from (including) 6.2 OR cpe:2.3:h:siemens:ruggedcom_rcm1224:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:* versions from (including) 6.2 OR cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:* versions from (including) 4.1 OR cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:* versions from (including) 4.1 OR cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:* versions from (including) 6.2 OR cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:* versions from (including) 4.1 OR cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:* versions from (including) 4.1 OR cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:* versions from (including) 2.0 OR cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:* versions from (including) 6.5 OR cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_w1700_firmware:*:*:*:*:*:*:*:* versions from (including) 2.0 OR cpe:2.3:h:siemens:scalance_w1700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3 OR cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3 OR cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3 OR cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.4 OR cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3 OR cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 4.3 OR cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.4 OR cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.4 OR cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.4 OR cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:* versions up to (excluding) 6.4 OR cpe:2.3:h:siemens:scalance_xr552-12:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:*:*:*:*:*:*:*:* versions from (including) 1.1 OR cpe:2.3:h:siemens:simatic_cloud_connect_7:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:*:*:*:*:*:*:* *cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1 OR cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_mv500_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_mv500:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1 OR cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1 OR cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1 OR cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:* versions from (including) 3.1 OR cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:* versions from (including) 2.1 OR cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:* versions from (including) 2.2 up to (excluding) 3.0 OR cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:*:*:*:*:*:*:*:* versions from (including) 2.1 OR cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:* versions from (including) 1.0 OR cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_pcs_neo_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_pcs_neo:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:* versions from (including) 9.1.0.7 OR cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:* versions from (including) 2019 OR cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:sinamics_connect_300_firmware:*:*:*:*:*:*:*:* OR cpe:2.3:h:siemens:sinamics_connect_300:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:* versions from (including) 2.0 up to (excluding) 2.2 OR cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1:*:*:*:*:*:* *cpe:2.3:a:siemens:simatic_logon:*:*:*:*:*:*:*:* versions from (including) 1.6.0.2 *cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:* *cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:*:*:*:*:*:*:* *cpe:2.3:a:siemens:sinec_nms:1.0:-:*:*:*:*:*:* *cpe:2.3:a:siemens:sinec_nms:1.0:sp1:*:*:*:*:*:* *cpe:2.3:a:siemens:sinec_pni:-:*:*:*:*:*:*:* *cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:* *cpe:2.3:a:siemens:sinema_server:14.0:sp1:*:*:*:*:*:* *cpe:2.3:a:siemens:sinema_server:14.0:sp2:*:*:*:*:*:* *cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1:*:*:*:*:*:* *cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2:*:*:*:*:*:* *cpe:2.3:a:siemens:sinumerik_opc_ua_server:*:*:*:*:*:*:*:* *cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Aug. 31, 2021

    Action Type Old Value New Value
    Added Reference https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 20, 2021

    Action Type Old Value New Value
    Added Reference https://www.oracle.com//security-alerts/cpujul2021.html [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 15, 2021

    Action Type Old Value New Value
    Added Reference https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013 [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 14, 2021

    Action Type Old Value New Value
    Added Reference https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845 [No Types Assigned]
  • CVE Modified by [email protected]

    Jul. 13, 2021

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf [No Types Assigned]
  • Modified Analysis by [email protected]

    Jun. 17, 2021

    Action Type Old Value New Value
    Changed Reference Type https://security.netapp.com/advisory/ntap-20210513-0002/ No Types Assigned https://security.netapp.com/advisory/ntap-20210513-0002/ Third Party Advisory
    Changed Reference Type https://www.oracle.com/security-alerts/cpuApr2021.html No Types Assigned https://www.oracle.com/security-alerts/cpuApr2021.html Patch, Third Party Advisory
    Changed Reference Type https://www.tenable.com/security/tns-2021-09 No Types Assigned https://www.tenable.com/security/tns-2021-09 Third Party Advisory
    Changed Reference Type https://www.tenable.com/security/tns-2021-10 No Types Assigned https://www.tenable.com/security/tns-2021-10 Third Party Advisory
    Changed CPE Configuration OR *cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* OR *cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* *cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
    Changed CPE Configuration OR *cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* versions up to (including) 8.13.1 *cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions from (including) 5.13.0 up to (including) 5.17.0 OR *cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9 *cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* versions up to (including) 8.13.1 *cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:*:*:*:*:*:*:* *cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:*:*:*:*:*:*:* *cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:*:*:*:*:*:*:* *cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:*:*:*:*:*:*:* *cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:*:*:*:*:*:*:* *cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions from (including) 5.13.0 up to (including) 5.17.0
    Added CPE Configuration OR *cpe:2.3:a:oracle:graalvm:19.3.5:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:20.3.1.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:graalvm:21.0.0.2:*:*:*:enterprise:*:*:* *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions up to (including) 5.7.33 *cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:* versions from (including) 8.0.15 up to (including) 8.0.23 *cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:* versions up to (including) 8.0.23 *cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Jun. 14, 2021

    Action Type Old Value New Value
    Added Reference https://www.oracle.com/security-alerts/cpuApr2021.html [No Types Assigned]
  • CVE Modified by [email protected]

    Jun. 02, 2021

    Action Type Old Value New Value
    Added Reference https://www.tenable.com/security/tns-2021-10 [No Types Assigned]
  • CVE Modified by [email protected]

    May. 13, 2021

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20210513-0002/ [No Types Assigned]
  • CVE Modified by [email protected]

    May. 11, 2021

    Action Type Old Value New Value
    Added Reference https://www.tenable.com/security/tns-2021-09 [No Types Assigned]
  • Modified Analysis by [email protected]

    Apr. 20, 2021

    Action Type Old Value New Value
    Changed Reference Type https://kc.mcafee.com/corporate/index?page=content&id=SB10356 No Types Assigned https://kc.mcafee.com/corporate/index?page=content&id=SB10356 Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ Mailing List, Third Party Advisory
    Changed Reference Type https://www.tenable.com/security/tns-2021-05 No Types Assigned https://www.tenable.com/security/tns-2021-05 Third Party Advisory
    Changed Reference Type https://www.tenable.com/security/tns-2021-06 No Types Assigned https://www.tenable.com/security/tns-2021-06 Third Party Advisory
    Removed CPE Configuration AND OR *cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
    Removed CPE Configuration AND OR *cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*
    Removed CPE Configuration OR *cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:* *cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:* *cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:* *cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:* *cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* versions up to (including) 8.13.1 *cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:* versions from (including) 5.13.0 up to (including) 5.17.0
    Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:mcafee:web_gateway:8.2.19:*:*:*:*:*:*:* *cpe:2.3:a:mcafee:web_gateway:9.2.10:*:*:*:*:*:*:* *cpe:2.3:a:mcafee:web_gateway:10.1.1:*:*:*:*:*:*:* *cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:*:*:*:*:*:*:* *cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:*:*:*:*:*:*:* *cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:*:*:*:*:*:*:* *cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:*:*:*:*:*:*:* OR cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:*:*:*:*:*:*:* *cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:*:*:*:*:*:*:* OR cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:*:*:*:*:*:*:* *cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:*:*:*:*:*:*:* OR cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Apr. 15, 2021

    Action Type Old Value New Value
    Added Reference https://kc.mcafee.com/corporate/index?page=content&id=SB10356 [No Types Assigned]
  • CVE Modified by [email protected]

    Apr. 02, 2021

    Action Type Old Value New Value
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/ [No Types Assigned]
  • CVE Modified by [email protected]

    Apr. 01, 2021

    Action Type Old Value New Value
    Added Reference https://www.tenable.com/security/tns-2021-05 [No Types Assigned]
  • CVE Modified by [email protected]

    Apr. 01, 2021

    Action Type Old Value New Value
    Added Reference https://www.tenable.com/security/tns-2021-06 [No Types Assigned]
  • Initial Analysis by [email protected]

    Mar. 31, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:M/Au:N/C:N/I:N/A:P)
    Added CVSS V3.1 NIST AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
    Changed Reference Type http://www.openwall.com/lists/oss-security/2021/03/27/1 No Types Assigned http://www.openwall.com/lists/oss-security/2021/03/27/1 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2021/03/27/2 No Types Assigned http://www.openwall.com/lists/oss-security/2021/03/27/2 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2021/03/28/3 No Types Assigned http://www.openwall.com/lists/oss-security/2021/03/28/3 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2021/03/28/4 No Types Assigned http://www.openwall.com/lists/oss-security/2021/03/28/4 Mailing List, Third Party Advisory
    Changed Reference Type https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148 No Types Assigned https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148 Mailing List, Patch, Vendor Advisory
    Changed Reference Type https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc No Types Assigned https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc Third Party Advisory
    Changed Reference Type https://security.gentoo.org/glsa/202103-03 No Types Assigned https://security.gentoo.org/glsa/202103-03 Third Party Advisory
    Changed Reference Type https://security.netapp.com/advisory/ntap-20210326-0006/ No Types Assigned https://security.netapp.com/advisory/ntap-20210326-0006/ Third Party Advisory
    Changed Reference Type https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd No Types Assigned https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd Third Party Advisory
    Changed Reference Type https://www.debian.org/security/2021/dsa-4875 No Types Assigned https://www.debian.org/security/2021/dsa-4875 Third Party Advisory
    Changed Reference Type https://www.openssl.org/news/secadv/20210325.txt No Types Assigned https://www.openssl.org/news/secadv/20210325.txt Vendor Advisory
    Added CWE NIST CWE-476
    Added CPE Configuration OR *cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:* versions from (including) 1.1.1 up to (excluding) 1.1.1k
    Added CPE Configuration OR *cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:freebsd:freebsd:12.2:-:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:12.2:p1:*:*:*:*:*:* *cpe:2.3:o:freebsd:freebsd:12.2:p2:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:santricity_smi-s_provider_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:netapp:storagegrid_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:netapp:storagegrid:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:o:windriver:linux:-:*:*:*:cd:*:*:* *cpe:2.3:o:windriver:linux:17.0:*:*:*:lts:*:*:* *cpe:2.3:o:windriver:linux:18.0:*:*:*:lts:*:*:* *cpe:2.3:o:windriver:linux:19.0:*:*:*:lts:*:*:*
  • CVE Modified by [email protected]

    Mar. 31, 2021

    Action Type Old Value New Value
    Added Reference https://security.gentoo.org/glsa/202103-03 [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 29, 2021

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2021/03/28/4 [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 28, 2021

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2021/03/28/3 [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 28, 2021

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2021/03/27/2 [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 27, 2021

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2021/03/27/1 [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 26, 2021

    Action Type Old Value New Value
    Added Reference https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 26, 2021

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20210326-0006/ [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 25, 2021

    Action Type Old Value New Value
    Added Reference https://www.debian.org/security/2021/dsa-4875 [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 25, 2021

    Action Type Old Value New Value
    Added Reference https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-3449 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-3449 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.50 }} 0.15%

score

0.76372

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: