Siemens SCALANCE S602 FIRMWARE 4.1

CPE Details

Siemens SCALANCE S602 FIRMWARE 4.1
siemens
scalance_s602_firmware
4.1
2021-09-03
10h11 +00:00
2021-09-03
18h17 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:siemens:scalance_s602_firmware:4.1:*:*:*:*:*:*:*

Informations

Vendor

siemens

Product

scalance_s602_firmware

Version

4.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-3449 2021-03-25 14h25 +00:00 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
5.9
Medium
CVE-2018-16555 2018-12-13 15h00 +00:00 A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known.
5.4
Medium