All news with #openssl tag

Siemens OpenSSL ASN.1 Out-of-Bounds Read Affects Devices

🔒 Siemens products that include vulnerable OpenSSL libraries are affected by an out-of-bounds read (CVE-2021-3712) that may be exploited remotely and carries a CVSS v3.1 base score of 7.4. A broad set of industrial networking and automation devices — including SCALANCE, RUGGEDCOM, SIMATIC, SINEMA, SINUMERIK, TIA and Industrial Edge apps — are listed as impacted. OpenSSL fixes are available in 1.1.1l and 1.0.2za; Siemens has published product updates and mitigations where possible. CISA and Siemens recommend applying vendor-supplied updates, minimizing network exposure, isolating control networks, and using secure remote access until fixes are deployed.

Siemens OpenSSL Infinite Loop Vulnerability Advisory

🔒 CISA republished an advisory describing a Siemens-reported OpenSSL bug (CVE-2022-0778) that can cause an infinite loop during certificate parsing in many Siemens products. The issue affects multiple product families and has a CVSS v3.1 base score of 7.5, allowing remote denial-of-service with low attack complexity. Siemens has published firmware and software updates and recommends applying vendor updates, restricting network access to affected interfaces, and following product hardening guidance where fixes are not yet available.

Testing Post-Quantum TLS in Python with OpenSSL 3.5

🔐 AWS provides a containerized sample to test post-quantum hybrid TLS (PQ TLS) from Python by bundling OpenSSL 3.5 with a standard interpreter and common libraries. The sample demonstrates hybrid key exchange using ML-KEM alongside classical algorithms and includes examples for boto3/AWS CLI, requests, and low-level ssl sockets. It also shows how to capture traffic and confirm PQ negotiation in TLS handshakes.