Vulnerability in APOGEE and TALON Systems Affects Network Operations
CVE-2020-15795

8.1HIGH

Key Information:

Vendor

Siemens
Status
Apogee Pxc Compact (bacnet)
Apogee Pxc Compact (p2 Ethernet)
Apogee Pxc Modular (bacnet)
Apogee Pxc Modular (p2 Ethernet)
Vendor
CVE Published:
22 April 2021

What is CVE-2020-15795?

A vulnerability exists in various Siemens APOGEE and TALON systems due to improper validation of DNS domain name label parsing. This flaw can lead to a write past the end of an allocated structure. An attacker with a privileged network position may exploit this vulnerability to execute arbitrary code within the context of the affected process, potentially leading to unauthorized access or even a denial-of-service condition. It is crucial for organizations using these systems to promptly assess their current versions and apply necessary updates to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

APOGEE PXC Compact (BACnet) All versions < V3.5.5

APOGEE PXC Compact (P2 Ethernet) All versions < V2.8.20

APOGEE PXC Modular (BACnet) All versions < V3.5.5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-18569...
https://cert-portal.siemens.com/productcert/pdf/ssa-18057...

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.