Lucene search

[email protected]CVE-2021-27391

HistorySep 14, 2021 - 11:15 a.m.

CVE-2021-27391

2021-09-1411:15:23

CWE-120

[email protected]

web.nvd.nist.gov

cve-2021-27391

apogee mbc

apogee mec

apogee pxc compact

apogee pxc modular

talon tc compact

talon tc modular

buffer overflow

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.4%

JSON

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Affected configurations

NVD

Node

siemensapogee_mbc_\(ppc\)_\(p2_ethernet\)_firmwareRange≤2.6.3

AND

siemensapogee_mbc_\(ppc\)_\(p2_ethernet\)

Node

siemensapogee_mec_\(ppc\)_\(p2_ethernet\)_firmwareRange≤2.6.3

AND

siemensapogee_mec_\(ppc\)_\(p2_ethernet\)

Node

siemensapogee_pxc_bacnet_automation_controller_firmwareRange<3.5.3

AND

siemensapogee_pxc_bacnet_automation_controllerMatch-

Node

siemensapogee_pxc_compact_\(p2_ethernet\)_firmwareRange≤2.8

AND

siemensapogee_pxc_compact_\(p2_ethernet\)

Node

siemensapogee_pxc_modular_\(bacnet\)_firmwareRange<3.5.3

AND

siemensapogee_pxc_modular_\(bacnet\)

Node

siemensapogee_pxc_modular_\(p2_ethernet\)_firmwareRange≤2.8

AND

siemensapogee_pxc_modular_\(p2_ethernet\)

Node

siemenstalon_tc_compact_\(bacnet\)_firmwareRange<3.5.3

AND

siemenstalon_tc_compact_\(bacnet\)

Node

siemenstalon_tc_modular_\(bacnet\)_firmwareRange<3.5.3

AND

siemenstalon_tc_modular_\(bacnet\)

CPENameOperatorVersion
siemens:apogee_mbc_\(ppc\)_\(p2_ethernet\)_firmwaresiemens apogee mbc (ppc) (p2 ethernet) firmwarele2.6.3

CPE	Name	Operator	Version
siemens:apogee_mbc_\(ppc\)_\(p2_ethernet\)_firmware	siemens apogee mbc (ppc) (p2 ethernet) firmware	le	2.6.3

CNA Affected

[
  {
    "product": "APOGEE MBC (PPC) (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.6.3"
      }
    ]
  },
  {
    "product": "APOGEE MEC (PPC) (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.6.3"
      }
    ]
  },
  {
    "product": "APOGEE PXC Compact (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.3"
      }
    ]
  },
  {
    "product": "APOGEE PXC Compact (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.8"
      }
    ]
  },
  {
    "product": "APOGEE PXC Modular (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.3"
      }
    ]
  },
  {
    "product": "APOGEE PXC Modular (P2 Ethernet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions >= V2.8"
      }
    ]
  },
  {
    "product": "TALON TC Compact (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.3"
      }
    ]
  },
  {
    "product": "TALON TC Modular (BACnet)",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V3.5.3"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.4%

JSON

Related for CVE-2021-27391

ics1 prion1 nvd1 cvelist1 nessus1 cnvd1