PT-2021-2648 · Siemens+1 · Apogee Pxc Modular+7
Published
2021-04-14
·
Updated
2023-08-08
·
CVE-2020-27738
CVSS v3.1
7.4
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
APOGEE PXC Compact (BACnet) versions prior to V3.5.5
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20
APOGEE PXC Modular (BACnet) versions prior to V3.5.5
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20
Nucleus NET (affected versions not specified)
Nucleus ReadyStart V3 versions prior to V2017.02.3
Nucleus ReadyStart V4 versions prior to V4.1.0
Nucleus Source Code (versions including affected DNS modules)
SIMOTICS CONNECT 400 versions prior to V0.5.0.0
TALON TC Compact (BACnet) versions prior to V3.5.5
TALON TC Modular (BACnet) versions prior to V3.5.5
Description
The issue is related to the DNS domain name record decompression functionality, which does not properly validate the pointer offset values. This could result in a read access past the end of an allocated structure when parsing malformed responses. An attacker with a privileged position in the network could leverage this to cause a denial-of-service condition.
Recommendations
For APOGEE PXC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later.
For APOGEE PXC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later.
For Nucleus NET, contact the vendor for guidance on updating or patching.
For Nucleus ReadyStart V3 versions prior to V2017.02.3, update to version V2017.02.3 or later.
For Nucleus ReadyStart V4 versions prior to V4.1.0, update to version V4.1.0 or later.
For Nucleus Source Code, ensure that any included DNS modules are updated to a version that does not include the vulnerability.
For SIMOTICS CONNECT 400 versions prior to V0.5.0.0, update to version V0.5.0.0 or later.
For TALON TC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For TALON TC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
Fix
Access of Memory Location After End of Buffer
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apogee Pxc Compact
Apogee Pxc Modular
Nucleus Net
Nucleus Readystart
Nucleus Source Code
Simotics Connect 400
Talon Tc Compact
Talon Tc Modular