CVE-2021-3580: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated…

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 ICS Advisory ## Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 Release DateDecember 14, 2023 Alert CodeICSA-23-348-10 As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF ## 1. EXECUTIVE SUMMARY - CVSS v3 9.8 - ATTENTION: Exploitable remotely/low attack complexity - Vendor: Siemens - Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1 - Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss

CVE-2021-3580 [HIGH] CWE-20 A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified,

CVE-2018-16869 [MEDIUM] Nettle vulnerabilities Title: Nettle vulnerabilities Summary: Several security issues were fixed in Nettle. It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. (CVE-2021-3580) It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16869) Instructions: In general, a standard system update will make all the necessary changes.

CVE-2021-3580 [HIGH] CWE-20 nettle: Remote crash in RSA decryption via manipulated ciphertext nettle: Remote crash in RSA decryption via manipulated ciphertext A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. A flaw was found in nettle in the way its RSA decryption functions handle specially crafted ciphertext. This flaw allows an attacker to provide a manipulated ciphertext, leading to an application crash and a denial of service. Mitigation: As per upstream: For applications that want to support older versions of nettle, the bug can be worked around by adding a check that the RSA ciphertext is in the range 0 < ciphertext < n, before attempting to decrypt it. Package: nettle (Red Hat Enterprise Linux 7) - Wil

CVE-2021-3580 [HIGH] CVE-2021-3580: nettle - A flaw was found in the way nettle's RSA decryption functions handled specially ... A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. Scope: local bookworm: resolved (fixed in 3.7.3-1) bullseye: resolved (fixed in 3.7.3-1) forky: resolved (fixed in 3.7.3-1) sid: resolved (fixed in 3.7.3-1) trixie: resolved (fixed in 3.7.3-1)

CVE-2020-3580 [MEDIUM] CWE-79 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities Update June 28, 2021: Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuadi

CVE-2020-3583 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities CVE-2020-3583: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities Update June 28, 2021 : Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabiliti

CVE-2020-3581 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities CVE-2020-3581: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities Update June 28, 2021 : Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabiliti

CVE-2020-3580 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities CVE-2020-3580: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities Update June 28, 2021 : Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabiliti

CVE-2020-3582 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities CVE-2020-3582: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Interface Cross-Site Scripting Vulnerabilities Update June 28, 2021 : Cisco has become aware that public exploit code exists for CVE-2020-3580, and this vulnerability is being actively exploited. Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabiliti

CVE-2021-3580 [HIGH] CWE-20 GHSA-52fp-4722-wcjw: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

CVE-2021-3580 [HIGH] CVE-2021-3580: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

CVE-2021-3580 [MEDIUM] nettle vulnerabilities nettle vulnerabilities It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. (CVE-2021-3580) It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-16869)