A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf | |
https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
08 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. |
29 Apr 2022, 01:52
Type | Values Removed | Values Added |
---|---|---|
CPE |
11 Jan 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. |
17 Nov 2021, 22:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. |
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus RTOS (versions including affected DNS modules), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. |
09 Nov 2021, 21:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:* |
09 Nov 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition. |
30 Apr 2021, 17:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:vstar:-:*:*:*:*:*:*:* |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf - Vendor Advisory | |
References | (CONFIRM) https://us-cert.cisa.gov/ics/advisories/icsa-21-103-04 - Third Party Advisory, US Government Resource | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 8.1 |
23 Apr 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Apr 2021, 21:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-22 21:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-15795
Mitre link : CVE-2020-15795
CVE.ORG link : CVE-2020-15795
JSON object : View
Products Affected
siemens
- nucleus_net
- nucleus_source_code
CWE
CWE-787
Out-of-bounds Write