CVE-2020-27009

🗓️ 22 Apr 2021 20:42:19Reported by siemensType

Vulnerability in APOGEE and TALON device

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of the DNS name resolution function in Nucleus NET TCP/IP allows a attacker to execute arbitrary code.	21 Apr 202100:00	–	bdu_fstec
CNNVD	多款Siemens产品缓冲区错误漏洞	13 Apr 202100:00	–	cnnvd
CNVD	Siemens Nucleus Product Out-of-Bounds Write Vulnerability (CNVD-2021-28701)	13 Apr 202100:00	–	cnvd
CVE	CVE-2020-27009	22 Apr 202120:42	–	cve
EUVD	EUVD-2020-19533	7 Oct 202500:30	–	euvd
F5 Networks	K70746705: Multiple NAME:WRECK vulnerabilities	21 Feb 202319:58	–	f5
ICS	Siemens Nucleus Products DNS Module (Update A)	13 Apr 202100:00	–	ics
NVD	CVE-2020-27009	22 Apr 202121:15	–	nvd
Prion	Race condition	22 Apr 202121:15	–	prion
Positive Technologies	PT-2021-2645 · Unknown · Apogee Pxc Compact +5	14 Apr 202100:00	–	ptsecurity

[
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus NET",
    "versions": [
      {
        "version": "All versions < V5.2",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus Source Code",
    "versions": [
      {
        "version": "Versions including affected DNS modules",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

08 Aug 2023 09:20Current

8.1High risk

Vulners AI Score8.1

CVSS 3.18.1

EPSS0.00686

CWE-823