CVE-2020-27738

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:21

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf - () https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf -
References () https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf - Patch, Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf - Patch, Vendor Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf - Patch, Vendor Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf - Patch, Vendor Advisory
CVSS v2 : 5.8
v3 : 7.4
v2 : 5.8
v3 : 6.5

08 Aug 2023, 10:15

Type Values Removed Values Added
CWE CWE-788 CWE-119
References
  • (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf -
Summary A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.

Information

Published : 2021-04-22 21:15

Updated : 2024-11-21 05:21


NVD link : CVE-2020-27738

Mitre link : CVE-2020-27738

CVE.ORG link : CVE-2020-27738


JSON object : View

Products Affected

siemens

  • simotics_connect_400
  • nucleus_readystart_v4
  • nucleus_readystart_v3
  • simotics_connect_400_firmware
  • nucleus_source_code
  • nucleus_net
CWE
CWE-788

Access of Memory Location After End of Buffer

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer