CVE-2021-3449

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).

CVSS v3.0 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148	Mailing List Patch Vendor Advisory
https://www.openssl.org/news/secadv/20210325.txt	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd	Third Party Advisory
https://www.debian.org/security/2021/dsa-4875	Third Party Advisory
https://security.netapp.com/advisory/ntap-20210326-0006/	Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-21:07.openssl.asc	Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/27/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/27/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/28/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/03/28/4	Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202103-03	Third Party Advisory
https://www.tenable.com/security/tns-2021-06	Third Party Advisory
https://www.tenable.com/security/tns-2021-05	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CCBFLLVQVILIVGZMBJL3IXZGKWQISYNP/	Mailing List Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10356	Third Party Advisory
https://www.tenable.com/security/tns-2021-09	Third Party Advisory
https://security.netapp.com/advisory/ntap-20210513-0002/	Third Party Advisory
https://www.tenable.com/security/tns-2021-10	Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html	Patch Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf	Patch Third Party Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44845	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0013	Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html	Mailing List Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:freebsd:freebsd:12.2:p1::::::
	cpe:2.3:o:freebsd:freebsd:12.2:p2::::::
	cpe:2.3:o:freebsd:freebsd:12.2:-::::::

Configuration 4 (hide)

OR	cpe:2.3:a:netapp:santricity_smi-s_provider:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:storagegrid:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_volumes_ontap_mediator:-:::::::*
	cpe:2.3:a:netapp:e-series_performance_analyzer:-:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:tenable:tenable.sc::::::::
	cpe:2.3:a:tenable:nessus::::::::
	cpe:2.3:a:tenable:nessus_network_monitor:5.11.1:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.12.0:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.12.1:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.13.0:::::::*
	cpe:2.3:a:tenable:nessus_network_monitor:5.11.0:::::::*
	cpe:2.3:a:tenable:log_correlation_engine::::::::

Configuration 6 (hide)

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:mcafee:web_gateway_cloud_service:10.1.1:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:9.2.10:::::::*
	cpe:2.3:a:mcafee:web_gateway_cloud_service:8.2.19:::::::*
	cpe:2.3:a:mcafee:web_gateway:10.1.1:::::::*
	cpe:2.3:a:mcafee:web_gateway:9.2.10:::::::*
	cpe:2.3:a:mcafee:web_gateway:8.2.19:::::::*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:checkpoint:quantum_security_management_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:quantum_security_management_firmware:r81:::::::*

cpe:2.3:h:checkpoint:quantum_security_management:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:checkpoint:multi-domain_management_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:multi-domain_management_firmware:r81:::::::*

cpe:2.3:h:checkpoint:multi-domain_management:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r80.40:::::::*
	cpe:2.3:o:checkpoint:quantum_security_gateway_firmware:r81:::::::*

cpe:2.3:h:checkpoint:quantum_security_gateway:-:*:*:*:*:*:*:*

Configuration 11 (hide)

OR	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::*
	cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:::::::*
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:::::::*
	cpe:2.3:a:oracle:primavera_unifier:19.12:::::::*
	cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:::::::*
	cpe:2.3:a:oracle:primavera_unifier:20.12:::::::*
	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*
	cpe:2.3:a:oracle:secure_global_desktop:5.6:::::::*
	cpe:2.3:a:oracle:graalvm:20.3.1.2::::enterprise:::
	cpe:2.3:a:oracle:graalvm:21.0.0.2::::enterprise:::
	cpe:2.3:a:oracle:graalvm:19.3.5::::enterprise:::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_server::::::::
	cpe:2.3:a:oracle:mysql_workbench::::::::
	cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:::::::*
	cpe:2.3:a:oracle:essbase:21.2:::::::*
	cpe:2.3:a:oracle:mysql_connectors::::::::
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools::::::::
	cpe:2.3:a:oracle:primavera_unifier:21.12:::::::*
	cpe:2.3:a:oracle:secure_backup::::::::
	cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:::::::*

Configuration 12 (hide)

AND

cpe:2.3:o:sonicwall:sma100_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:sma100:-:*:*:*:*:*:*:*

Configuration 13 (hide)

OR	cpe:2.3:a:sonicwall:capture_client:3.5:::::::*
	cpe:2.3:o:sonicwall:sonicos:7.0.1.0:::::::*

Configuration 14 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_rcm1224_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_rcm1224:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:siemens:scalance_s602_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s602:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:siemens:scalance_s612_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s612:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:siemens:scalance_s623_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s623:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:siemens:scalance_s627-2m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_s627-2m:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:siemens:scalance_sc-600_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_sc-600:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:siemens:scalance_w1700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_w1700:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:siemens:scalance_xf-200ba_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xf-200ba:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:siemens:scalance_xm-400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xm-400:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:siemens:scalance_xr524-8c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr524-8c:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:siemens:scalance_xr526-8c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr526-8c:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:siemens:scalance_xr528-6m_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr528-6m:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:siemens:scalance_xr552-12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:scalance_xr552-12:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

OR	cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware:-:::::::*
	cpe:2.3:o:siemens:simatic_cloud_connect_7_firmware::::::::

cpe:2.3:h:siemens:simatic_cloud_connect_7:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

OR	cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware:-:::::::*
	cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_v2_firmware::::::::

cpe:2.3:h:siemens:simatic_cp_1242-7_gprs_v2:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_basic_panels_2nd_generation_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_basic_panels_2nd_generation:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_comfort_outdoor_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_comfort_outdoor_panels:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:siemens:simatic_hmi_ktp_mobile_panels_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_hmi_ktp_mobile_panels:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:siemens:simatic_mv500_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_mv500:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-1:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_eu:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp1243-7_lte_us_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp1243-7_lte_us:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1243-8_irc:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1542sp-1_irc:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543-1:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1543sp-1:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:siemens:simatic_net_cp_1545-1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_net_cp_1545-1:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:siemens:simatic_pcs_7_telecontrol_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pcs_7_telecontrol:-:*:*:*:*:*:*:*

Configuration 50 (hide)

AND

cpe:2.3:o:siemens:simatic_pcs_neo_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pcs_neo:-:*:*:*:*:*:*:*

Configuration 51 (hide)

AND

cpe:2.3:o:siemens:simatic_pdm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_pdm:-:*:*:*:*:*:*:*

Configuration 52 (hide)

AND

cpe:2.3:o:siemens:simatic_process_historian_opc_ua_server_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_process_historian_opc_ua_server:-:*:*:*:*:*:*:*

Configuration 53 (hide)

AND

cpe:2.3:o:siemens:simatic_rf166c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf166c:-:*:*:*:*:*:*:*

Configuration 54 (hide)

AND

cpe:2.3:o:siemens:simatic_rf185c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf185c:-:*:*:*:*:*:*:*

Configuration 55 (hide)

AND

cpe:2.3:o:siemens:simatic_rf186c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf186c:-:*:*:*:*:*:*:*

Configuration 56 (hide)

AND

cpe:2.3:o:siemens:simatic_rf186ci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf186ci:-:*:*:*:*:*:*:*

Configuration 57 (hide)

AND

cpe:2.3:o:siemens:simatic_rf188c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188c:-:*:*:*:*:*:*:*

Configuration 58 (hide)

AND

cpe:2.3:o:siemens:simatic_rf188ci_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf188ci:-:*:*:*:*:*:*:*

Configuration 59 (hide)

AND

cpe:2.3:o:siemens:simatic_rf360r_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_rf360r:-:*:*:*:*:*:*:*

Configuration 60 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1211c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1211c:-:*:*:*:*:*:*:*

Configuration 61 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212c:-:*:*:*:*:*:*:*

Configuration 62 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1212fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1212fc:-:*:*:*:*:*:*:*

Configuration 63 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 64 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214c:-:*:*:*:*:*:*:*

Configuration 65 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1214_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1214_fc:-:*:*:*:*:*:*:*

Configuration 66 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215_fc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215_fc:-:*:*:*:*:*:*:*

Configuration 67 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1215c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1215c:-:*:*:*:*:*:*:*

Configuration 68 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1200_cpu_1217c_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1200_cpu_1217c:-:*:*:*:*:*:*:*

Configuration 69 (hide)

AND

cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp:-:*:*:*:*:*:*:*

Configuration 70 (hide)

AND

cpe:2.3:o:siemens:sinamics_connect_300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:sinamics_connect_300:-:*:*:*:*:*:*:*

Configuration 71 (hide)

AND

cpe:2.3:o:siemens:tim_1531_irc_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:tim_1531_irc:-:*:*:*:*:*:*:*

Configuration 72 (hide)

OR	cpe:2.3:a:siemens:simatic_wincc_runtime_advanced::::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2_update1::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp1::::::
	cpe:2.3:a:siemens:sinema_server:14.0:sp2::::::
	cpe:2.3:a:siemens:sinema_server:14.0:-::::::
	cpe:2.3:a:siemens:simatic_logon::::::::
	cpe:2.3:a:siemens:simatic_logon:1.5:sp3_update_1::::::
	cpe:2.3:a:siemens:simatic_wincc_telecontrol:-:::::::*
	cpe:2.3:a:siemens:sinec_nms:1.0:sp1::::::
	cpe:2.3:a:siemens:sinec_nms:1.0:-::::::
	cpe:2.3:a:siemens:sinec_pni:-:::::::*
	cpe:2.3:a:siemens:sinema_server:14.0:sp2_update2::::::
	cpe:2.3:a:siemens:sinumerik_opc_ua_server::::::::
	cpe:2.3:a:siemens:tia_administrator::::::::

Configuration 73 (hide)

cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*

Configuration 74 (hide)

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

Information

Published : 2021-03-25 08:15

Updated : 2022-08-29 13:27

NVD link : CVE-2021-3449

Mitre link : CVE-2021-3449

JSON object : View

CWE

CWE-476

NULL Pointer Dereference

Products Affected

oracle

graalvm
jd_edwards_world_security
zfs_storage_appliance_kit
mysql_workbench
primavera_unifier
secure_global_desktop
enterprise_manager_for_storage_management
communications_communications_policy_management
essbase
mysql_connectors
mysql_server
secure_backup
peoplesoft_enterprise_peopletools
jd_edwards_enterpriseone_tools

sonicwall

sma100
capture_client
sonicos
sma100_firmware

siemens

simatic_net_cp1243-7_lte_us
simatic_hmi_comfort_outdoor_panels_firmware
simatic_rf185c
sinec_pni
simatic_net_cp_1243-1
simatic_net_cp_1542sp-1_irc
simatic_hmi_ktp_mobile_panels
scalance_s627-2m
simatic_net_cp_1543sp-1
scalance_lpe9403_firmware
simatic_cloud_connect_7_firmware
scalance_xf-200ba
scalance_w1700_firmware
scalance_s615
simatic_net_cp_1545-1
simatic_s7-1200_cpu_1211c_firmware
simatic_net_cp_1243-8_irc_firmware
simatic_cloud_connect_7
simatic_process_historian_opc_ua_server_firmware
scalance_xr528-6m_firmware
simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware
scalance_xb-200
scalance_sc-600_firmware
scalance_xp-200_firmware
simatic_s7-1200_cpu_1215c_firmware
simatic_rf186c
simatic_process_historian_opc_ua_server
scalance_xf-200ba_firmware
simatic_hmi_basic_panels_2nd_generation_firmware
scalance_xr524-8c
simatic_rf166c
simatic_s7-1200_cpu_1215c
simatic_wincc_telecontrol
simatic_rf188c
simatic_rf360r
simatic_s7-1200_cpu_1215_fc_firmware
simatic_rf185c_firmware
simatic_net_cp_1243-8_irc
simatic_net_cp_1545-1_firmware
simatic_pcs_neo
tim_1531_irc
scalance_xc-200
simatic_hmi_comfort_outdoor_panels
simatic_s7-1200_cpu_1217c_firmware
simatic_mv500_firmware
simatic_net_cp1243-7_lte_us_firmware
simatic_s7-1200_cpu_1211c
sinec_infrastructure_network_services
simatic_pdm_firmware
simatic_s7-1200_cpu_1212c
tia_administrator
simatic_wincc_runtime_advanced
simatic_cp_1242-7_gprs_v2
simatic_hmi_basic_panels_2nd_generation
scalance_xr-300wg
simatic_cp_1242-7_gprs_v2_firmware
simatic_mv500
tim_1531_irc_firmware
simatic_s7-1200_cpu_1215_fc
simatic_rf186ci
scalance_s627-2m_firmware
sinec_nms
simatic_rf188ci_firmware
simatic_s7-1200_cpu_1212fc
simatic_pdm
scalance_m-800_firmware
simatic_net_cp_1543sp-1_firmware
scalance_s602
simatic_hmi_ktp_mobile_panels_firmware
scalance_s623
scalance_sc-600
scalance_m-800
simatic_rf360r_firmware
sinema_server
scalance_s623_firmware
scalance_xp-200
scalance_s612
scalance_xr528-6m
simatic_logon
simatic_pcs_neo_firmware
simatic_s7-1200_cpu_1214c_firmware
sinamics_connect_300_firmware
sinumerik_opc_ua_server
simatic_net_cp_1543-1
simatic_net_cp_1543-1_firmware
sinamics_connect_300
simatic_rf166c_firmware
simatic_net_cp1243-7_lte_eu_firmware
scalance_xm-400
simatic_pcs_7_telecontrol
scalance_s612_firmware
scalance_xb-200_firmware
simatic_rf188ci
simatic_net_cp1243-7_lte_eu
simatic_s7-1200_cpu_1214c
simatic_rf186c_firmware
scalance_xr552-12_firmware
simatic_rf186ci_firmware
ruggedcom_rcm1224
simatic_s7-1200_cpu_1214_fc_firmware
simatic_s7-1200_cpu_1217c
scalance_w700
scalance_xc-200_firmware
simatic_s7-1200_cpu_1214_fc
simatic_net_cp_1542sp-1_irc_firmware
scalance_lpe9403
scalance_xr526-8c
simatic_s7-1200_cpu_1212fc_firmware
scalance_xm-400_firmware
simatic_net_cp_1243-1_firmware
scalance_xr524-8c_firmware
simatic_s7-1500_cpu_1518-4_pn\/dp_mfp
simatic_s7-1200_cpu_1212c_firmware
scalance_s602_firmware
scalance_xr552-12
scalance_xr-300wg_firmware
scalance_s615_firmware
scalance_w700_firmware
scalance_xr526-8c_firmware
scalance_w1700
ruggedcom_rcm1224_firmware
simatic_pcs_7_telecontrol_firmware
simatic_rf188c_firmware

netapp

active_iq_unified_manager
ontap_select_deploy_administration_utility
e-series_performance_analyzer
cloud_volumes_ontap_mediator
oncommand_insight
oncommand_workflow_automation
storagegrid
snapcenter
santricity_smi-s_provider

mcafee

web_gateway
web_gateway_cloud_service

tenable

log_correlation_engine
tenable.sc
nessus
nessus_network_monitor

checkpoint

quantum_security_management
multi-domain_management_firmware
quantum_security_gateway
quantum_security_gateway_firmware
quantum_security_management_firmware
multi-domain_management

fedoraproject

fedora

debian

debian_linux

nodejs

node.js

freebsd

freebsd

openssl

openssl

5.9 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.3 /10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-3449

5.9^/10

4.3^/10

Attach tags to `CVE-2021-3449`