DNS Domain Name Record Vulnerability in APOGEE and TALON Systems by Siemens
CVE-2020-27009

8.1HIGH

Key Information:

Vendor: Siemens
Status: Apogee Pxc Compact (bacnet); Apogee Pxc Compact (p2 Ethernet); Apogee Pxc Modular (bacnet); Apogee Pxc Modular (p2 Ethernet)
Vendor: CVE Published:; 22 April 2021

What is CVE-2020-27009?

A vulnerability exists in Siemens' APOGEE and TALON systems where the DNS domain name record decompression functionality fails to validate pointer offset values correctly. This flaw allows an attacker with access to the network to send malformed DNS responses, which can lead to writing beyond the allocated memory. Exploitation of this vulnerability could enable the attacker to execute arbitrary code in the context of the affected process or trigger a denial-of-service condition.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

APOGEE PXC Compact (BACnet) All versions < V3.5.5

APOGEE PXC Compact (P2 Ethernet) All versions < V2.8.20

APOGEE PXC Modular (BACnet) All versions < V3.5.5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-18569...

https://cert-portal.siemens.com/productcert/pdf/ssa-18057...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Oct 12, 2020

JSON

Siemens

What is CVE-2020-27009?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.