CVE-2020-15795

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:06

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf - () https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf -
References () https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf - Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf - Vendor Advisory

08 Aug 2023, 10:15

Type Values Removed Values Added
References
  • {'url': 'https://us-cert.cisa.gov/ics/advisories/icsa-21-103-04', 'name': 'https://us-cert.cisa.gov/ics/advisories/icsa-21-103-04', 'tags': ['Third Party Advisory', 'US Government Resource'], 'refsource': 'CONFIRM'}
  • (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf -
Summary A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.

Information

Published : 2021-04-22 21:15

Updated : 2024-11-21 05:06


NVD link : CVE-2020-15795

Mitre link : CVE-2020-15795

CVE.ORG link : CVE-2020-15795


JSON object : View

Products Affected

siemens

  • nucleus_source_code
  • nucleus_net
CWE
CWE-787

Out-of-bounds Write