Lucene search

HistoryAug 10, 2021 - 12:00 a.m.

Siemens Simatic Improper Restriction of Operations within the Bounds of a Memory Buffer

2021-08-1000:00:00

www.tenable.com

siemens simatic

memory buffer

operation restriction

file data

scanner

EPSS

0.974

Percentile

99.9%

JSON

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

File data ot_500424.nasl

References

advisories.mageia.org/MGASA-2014-0165.html

blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/

cogentdatahub.com/ReleaseNotes.html

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160

download.schneider-electric.com/files?p_Doc_Ref=SEVD%202014-119-01

git.openssl.org/gitweb/?p=openssl.git;a=commit;h=96db9023b881d7cd9f379b0c154650d6c108e9a3

heartbleed.com/

lists.fedoraproject.org/pipermail/package-announce/2014-April/131221.html

lists.fedoraproject.org/pipermail/package-announce/2014-April/131291.html

lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html

lists.opensuse.org/opensuse-updates/2014-04/msg00061.html

marc.info/?l=bugtraq&m=139722163017074&w=2

marc.info/?l=bugtraq&m=139757726426985&w=2

marc.info/?l=bugtraq&m=139757819327350&w=2

marc.info/?l=bugtraq&m=139757919027752&w=2

marc.info/?l=bugtraq&m=139758572430452&w=2

marc.info/?l=bugtraq&m=139765756720506&w=2

marc.info/?l=bugtraq&m=139774054614965&w=2

marc.info/?l=bugtraq&m=139774703817488&w=2

marc.info/?l=bugtraq&m=139808058921905&w=2

marc.info/?l=bugtraq&m=139817685517037&w=2

marc.info/?l=bugtraq&m=139817727317190&w=2

marc.info/?l=bugtraq&m=139817782017443&w=2

marc.info/?l=bugtraq&m=139824923705461&w=2

marc.info/?l=bugtraq&m=139824993005633&w=2

marc.info/?l=bugtraq&m=139833395230364&w=2

marc.info/?l=bugtraq&m=139835815211508&w=2

marc.info/?l=bugtraq&m=139835844111589&w=2

marc.info/?l=bugtraq&m=139836085512508&w=2

marc.info/?l=bugtraq&m=139842151128341&w=2

marc.info/?l=bugtraq&m=139843768401936&w=2

marc.info/?l=bugtraq&m=139869720529462&w=2

marc.info/?l=bugtraq&m=139869891830365&w=2

marc.info/?l=bugtraq&m=139889113431619&w=2

marc.info/?l=bugtraq&m=139889295732144&w=2

marc.info/?l=bugtraq&m=139905202427693&w=2

marc.info/?l=bugtraq&m=139905243827825&w=2

marc.info/?l=bugtraq&m=139905295427946&w=2

marc.info/?l=bugtraq&m=139905351928096&w=2

marc.info/?l=bugtraq&m=139905405728262&w=2

marc.info/?l=bugtraq&m=139905458328378&w=2

marc.info/?l=bugtraq&m=139905653828999&w=2

marc.info/?l=bugtraq&m=139905868529690&w=2

marc.info/?l=bugtraq&m=140015787404650&w=2

marc.info/?l=bugtraq&m=140075368411126&w=2

marc.info/?l=bugtraq&m=140724451518351&w=2

marc.info/?l=bugtraq&m=140752315422991&w=2

marc.info/?l=bugtraq&m=141287864628122&w=2

marc.info/?l=bugtraq&m=142660345230545&w=2

public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=1

public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=3

rhn.redhat.com/errata/RHSA-2014-0376.html

rhn.redhat.com/errata/RHSA-2014-0377.html

rhn.redhat.com/errata/RHSA-2014-0378.html

rhn.redhat.com/errata/RHSA-2014-0396.html

seclists.org/fulldisclosure/2014/Apr/109

seclists.org/fulldisclosure/2014/Apr/173

seclists.org/fulldisclosure/2014/Apr/190

seclists.org/fulldisclosure/2014/Apr/90

seclists.org/fulldisclosure/2014/Apr/91

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/57347

secunia.com/advisories/57483

secunia.com/advisories/57721

secunia.com/advisories/57836

secunia.com/advisories/57966

secunia.com/advisories/57968

secunia.com/advisories/59139

secunia.com/advisories/59243

secunia.com/advisories/59347

support.citrix.com/article/CTX140605

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

www-01.ibm.com/support/docview.wss?uid=isg400001841

www-01.ibm.com/support/docview.wss?uid=isg400001843

www-01.ibm.com/support/docview.wss?uid=ssg1S1004661

www-01.ibm.com/support/docview.wss?uid=swg21670161

www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf

www.blackberry.com/btsc/KB35882

www.debian.org/security/2014/dsa-2896

www.exploit-db.com/exploits/32745

www.exploit-db.com/exploits/32764

www.f-secure.com/en/web/labs_global/fsc-2014-1

www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/

www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf

www.kb.cert.org/vuls/id/720951

www.kerio.com/support/kerio-control/release-history

www.mandriva.com/security/advisories?name=MDVSA-2015:062

www.openssl.org/news/secadv_20140407.txt

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/66690

www.securitytracker.com/id/1030026

www.securitytracker.com/id/1030074

www.securitytracker.com/id/1030077

www.securitytracker.com/id/1030078

www.securitytracker.com/id/1030079

www.securitytracker.com/id/1030080

www.securitytracker.com/id/1030081

www.securitytracker.com/id/1030082

www.splunk.com/view/SP-CAAAMB3

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160512_00

www.ubuntu.com/usn/USN-2165-1

www.us-cert.gov/ncas/alerts/TA14-098A

www.vmware.com/security/advisories/VMSA-2014-0012.html

www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0

blog.torproject.org/blog/openssl-bug-cve-2014-0160

bugzilla.redhat.com/show_bug.cgi?id=1084875

cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf

code.google.com/p/mod-spdy/issues/detail?id=85

filezilla-project.org/versions.php?type=server

gist.github.com/chapmajs/10473815

h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04260637-4%257CdocLocale%253Den_US%257CcalledBy%253DSearch_Result&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E

lists.balabit.hu/pipermail/syslog-ng-announce/2014-April/000184.html

sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html

support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217

www.cert.fi/en/reports/2014/vulnerability788210.html

www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008