A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf | |
https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf | Patch Vendor Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
08 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
Summary | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. | |
References |
|
22 Apr 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_4:*:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:nucleus_readystart_v3:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_readystart_v4:*:*:*:*:*:*:*:* |
First Time |
Siemens nucleus Readystart V4
Siemens nucleus Readystart V3 |
11 Jan 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. |
17 Nov 2021, 22:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. |
12 Nov 2021, 20:01
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 7.4 |
CPE | cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* |
cpe:2.3:a:siemens:capital_vstar:-:*:*:*:*:*:*:* |
10 Nov 2021, 01:16
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus 4 (All versions < V4.1.0), Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2017.02.3), Nucleus Source Code (versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), VSTAR (versions including affected DNS modules). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. |
09 Nov 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (Versions including affected DNS modules), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. | |
CWE | CWE-788 |
30 Apr 2021, 13:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CVSS |
v2 : v3 : |
v2 : 6.4
v3 : 9.1 |
CPE | cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:vstar:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:nucleus_rtos:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_4:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:* |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf - Patch, Vendor Advisory | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf - Patch, Vendor Advisory |
22 Apr 2021, 21:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-22 21:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-27738
Mitre link : CVE-2020-27738
CVE.ORG link : CVE-2020-27738
JSON object : View
Products Affected
siemens
- nucleus_net
- nucleus_readystart_v4
- nucleus_readystart_v3
- simotics_connect_400_firmware
- nucleus_source_code
- simotics_connect_400