CVE-2020-27738

EPSS 0.87%
Published 22.04.2021 21:15:09
Last modified 21.11.2024 05:21:43
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.

Affected products Warnungen 0 Metrics 4 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Simotics Connect 400 Firmware Version < 0.5.0.0

Siemens ≫ Simotics Connect 400 Version-

Siemens ≫ Nucleus Net

Siemens ≫ Nucleus Readystart V3 Version < 2017.02.3

Siemens ≫ Nucleus Readystart V4 Version < 4.1.0

Siemens ≫ Nucleus Source Code Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.87%	0.739

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P
productcert@siemens.com	6.5	2.2	4.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-788 Access of Memory Location After End of Buffer

The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf

Patch

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-27738

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-27738

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-27738

EUVD