Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.

Related CPE's

a

siemens

nucleus_net

Vulnerable

a

siemens

nucleus_source_code

-

Vulnerable

References

https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-787

[email protected]

Secondary
CWE-823

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-22T21:15:09.220

4 years ago

Last modified

2023-08-08T10:15:11.637

1 year ago