A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf | |
https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf | Patch Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
08 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. | |
References |
|
29 Apr 2022, 02:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_4:*:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:* |
First Time |
Siemens nucleus Readystart V4
Siemens nucleus Readystart V3 |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. |
08 Mar 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. |
11 Jan 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. |
17 Nov 2021, 22:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. |
12 Nov 2021, 19:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:* |
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. |
09 Nov 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. |
30 Apr 2021, 14:45
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 6.5 |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf - Patch, Vendor Advisory | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf - Patch, Vendor Advisory | |
CPE | cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:vstar:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_4:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:* |
22 Apr 2021, 21:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-22 21:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-27737
Mitre link : CVE-2020-27737
CVE.ORG link : CVE-2020-27737
JSON object : View
Products Affected
siemens
- nucleus_readystart_v4
- nucleus_readystart_v3
- simotics_connect_400_firmware
- simotics_connect_400
- nucleus_source_code
- nucleus_net
CWE
CWE-125
Out-of-bounds Read