DNS Parsing Vulnerability in Multiple APOGEE and Nucleus Products
CVE-2020-27736

6.5MEDIUM

Key Information:

Vendor
Siemens
Status
Apogee Pxc Compact (bacnet)
Apogee Pxc Compact (p2 Ethernet)
Apogee Pxc Modular (bacnet)
Apogee Pxc Modular (p2 Ethernet)
Vendor
CVE Published:
22 April 2021

Summary

A serious vulnerability exists in various APOGEE and Nucleus products due to improper validation of the null-terminated name in DNS responses. This flaw can lead to a read operation extending beyond allocated memory structures. If exploited by an attacker with a privileged network position, it may result in a denial-of-service condition or unauthorized memory access, creating a significant security risk.

Affected Version(s)

APOGEE PXC Compact (BACnet) All versions < V3.5.5

APOGEE PXC Compact (P2 Ethernet) All versions < V2.8.20

APOGEE PXC Modular (BACnet) All versions < V3.5.5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-70511...
https://cert-portal.siemens.com/productcert/pdf/ssa-66915...
https://cert-portal.siemens.com/productcert/pdf/ssa-18057...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.