siemens nucleus-net CVE-2020-27738 vulnerability in Siemens Products
Published on April 22, 2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.

NVD

Weakness Type

Access of Memory Location After End of Buffer

The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer. This typically occurs when a pointer or its index is decremented to a position before the buffer; when pointer arithmetic results in a position before the buffer; or when a negative index is used, which generates a position before the buffer.


Products Associated with CVE-2020-27738

Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.

Siemens Nucleus Net
 
Siemens Nucleus Rtos
 
Siemens Vstar
 
Siemens Nucleus Source Code
 
Siemens Nucleus 4
 
Siemens Nucleus Readystart
 
Siemens Capital Vstar
 
Siemens Nucleus Readystart V3
 
Siemens Nucleus Readystart V4
 

Affected Versions

Siemens APOGEE PXC Compact (BACnet): Siemens APOGEE PXC Compact (P2 Ethernet): Siemens APOGEE PXC Modular (BACnet): Siemens APOGEE PXC Modular (P2 Ethernet): Siemens Nucleus NET: Siemens Nucleus ReadyStart V3: Siemens Nucleus ReadyStart V4: Siemens Nucleus Source Code: Siemens SIMOTICS CONNECT 400: Siemens TALON TC Compact (BACnet): Siemens TALON TC Modular (BACnet):

Exploit Probability

EPSS
0.87%
Percentile
74.85%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.