CVE-2020-27737

Name of the Vulnerable Software and Affected Versions APOGEE PXC Compact (BACnet) versions prior to V3.5.5 APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20 APOGEE PXC Modular (BACnet) versions prior to V3.5.5 APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20 Nucleus NET (affected versions not specified) Nucleus ReadyStart V3 versions prior to V2017.02.3 Nucleus ReadyStart V4 versions prior to V4.1.0 Nucleus Source Code (affected versions not specified) SIMOTICS CONNECT 400 versions prior to V0.5.0.0 TALON TC Compact (BACnet) versions prior to V3.5.5 TALON TC Modular (BACnet) versions prior to V3.5.5

Description The issue concerns the DNS response parsing functionality, which fails to properly validate various lengths and counts of records. This can lead to a read past the end of an allocated structure when parsing malformed responses. An attacker with a privileged network position could exploit this to cause a denial-of-service condition or leak memory past the allocated structure. The vulnerability is related to a buffer overflow in the DNS record parsing function, allowing a remote attacker to potentially cause a service disruption.

Recommendations For APOGEE PXC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later. For APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later. For APOGEE PXC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later. For APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later. For Nucleus NET, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Nucleus ReadyStart V3 versions prior to V2017.02.3, update to version V2017.02.3 or later. For Nucleus ReadyStart V4 versions prior to V4.1.0, update to version V4.1.0 or later. For Nucleus Source Code, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SIMOTICS CONNECT 400 versions prior to V0.5.0.0, update to version V0.5.0.0 or later. For TALON TC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later. For TALON TC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.