SSA-408105 V1.1 (Last Update: 2023-04-11): Buffer Overflow Vulnerabilities in OpenSSL 3.0 Affecting Siemens Products
Siemens ProductCERT Security Advisories cert-portal.siemens.com
The OpenSSL component, versions 3.0.0 through 3.0.6, contains two buffer overflow vulnerabilities (CVE-2022-3602, CVE-2022-3786) in the X.509 certificate verification [0]. They could allow an attacker to create a denial of service condition or execute arbitrary code on a vulnerable TLS server (if the server requests client certificate authentication), or on a vulnerable TLS client.
Siemens has released updates for several affected products and recommends updating to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for …