CVE-2020-27737 vulnerability in Siemens Products
Published on April 22, 2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.

NVD

Weakness Type

Out-of-bounds Read

The software reads data past the end, or before the beginning, of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.

Products Associated with CVE-2020-27737

Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.

Siemens Nucleus 4

Siemens Nucleus Net

Siemens Nucleus Readystart

Siemens Nucleus Source Code

Siemens Vstar

Siemens Nucleus Rtos

Siemens Capital Vstar

Siemens Nucleus Readystart V3

Siemens Nucleus Readystart V4

Affected Versions

Siemens APOGEE PXC Compact (BACnet):

Version All versions < V3.5.5 is affected.

Siemens APOGEE PXC Compact (P2 Ethernet):

Version All versions < V2.8.20 is affected.

Siemens APOGEE PXC Modular (BACnet):

Version All versions < V3.5.5 is affected.

Siemens APOGEE PXC Modular (P2 Ethernet):

Version All versions < V2.8.20 is affected.

Siemens Nucleus NET:

Version All versions is affected.

Siemens Nucleus ReadyStart V3:

Version All versions < V2017.02.3 is affected.

Siemens Nucleus ReadyStart V4:

Version All versions < V4.1.0 is affected.

Siemens Nucleus Source Code:

Version Versions including affected DNS modules is affected.

Siemens SIMOTICS CONNECT 400:

Version All versions < V0.5.0.0 is affected.

Siemens TALON TC Compact (BACnet):

Version All versions < V3.5.5 is affected.

Siemens TALON TC Modular (BACnet):

Version All versions < V3.5.5 is affected.

Exploit Probability

EPSS

0.63%

Percentile

69.81%