CVE-2020-27738

🗓️ 22 Apr 2021 20:42:20Reported by siemensType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 106 Views

Vulnerability in APOGEE PXC, Nucleus, SIMOTICS CONNECT 400, TALON TC. DNS record decompression validation issue

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the DNS record unpacking function in the Simotics Connect 400 hardware-software complex allows a perpetrator to cause a service failure.	21 Apr 202100:00	–	bdu_fstec
CNNVD	多款siemens产品缓冲区错误漏洞	13 Apr 202100:00	–	cnnvd
CNVD	Siemens SIMOTICS CONNECT 400 Denial of Service Vulnerability (CNVD-2021-28705)	15 Apr 202100:00	–	cnvd
Cvelist	CVE-2020-27738	22 Apr 202120:42	–	cvelist
EUVD	EUVD-2020-20242	7 Oct 202500:30	–	euvd
F5 Networks	K70746705: Multiple NAME:WRECK vulnerabilities	21 Feb 202319:58	–	f5
ICS	Siemens SIMOTICS CONNECT 400 (Update A)	13 Apr 202100:00	–	ics
NVD	CVE-2020-27738	22 Apr 202121:15	–	nvd
OSV	CVE-2020-27738	22 Apr 202121:15	–	osv
Prion	Race condition	22 Apr 202121:15	–	prion

NVD

Node

siemens simotics_connect_400_firmwareRange<0.5.0.0

AND

siemens simotics_connect_400Match-

Node

siemens nucleus_net

siemens nucleus_readystart_v3Range<2017.02.3

siemens nucleus_readystart_v4Range<4.1.0

siemens nucleus_source_codeMatch-

[
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus NET",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus ReadyStart V3",
    "versions": [
      {
        "version": "All versions < V2017.02.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus ReadyStart V4",
    "versions": [
      {
        "version": "All versions < V4.1.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus Source Code",
    "versions": [
      {
        "version": "Versions including affected DNS modules",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTICS CONNECT 400",
    "versions": [
      {
        "version": "All versions < V0.5.0.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

17 Jun 2026 03:09Current

7.2High risk

Vulners AI Score7.2

CVSS 25.8

CVSS 3.16.5 - 7.4

EPSS0.03659