Siemens SCALANCE XM-400 Firmware 6.0

CPE Details

Siemens SCALANCE XM-400 Firmware 6.0
siemens
scalance_xm-400_firmware
6.0
2020-02-24
14h00 +00:00
2020-02-24
14h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:siemens:scalance_xm-400_firmware:6.0:*:*:*:*:*:*:*

Informations

Vendor

siemens

Product

scalance_xm-400_firmware

Version

6.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-28393 2021-05-12 11h18 +00:00 An unauthenticated remote attacker could create a permanent denial-of-service condition by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device on the SCALANCE XM-400, XR-500 (All versions prior to v6.4).
7.5
High
CVE-2021-3449 2021-03-25 14h25 +00:00 An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).
5.9
Medium