Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Siemens Subscribe
Filtered by product Simatic Logon
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3449 12 Checkpoint, Debian, Fedoraproject and 9 more 167 Multi-domain Management, Multi-domain Management Firmware, Quantum Security Gateway and 164 more 2022-08-29 4.3 MEDIUM 5.9 MEDIUM
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
CVE-2017-2684 1 Siemens 1 Simatic Logon 2019-10-09 6.8 MEDIUM 9.0 CRITICAL
Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.
CVE-2017-9938 1 Siemens 1 Simatic Logon 2017-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically.