CVE-2020-27738

🗓️ 22 Apr 2021 20:42:20Reported by siemensType

A vulnerability in multiple Siemens products allows a privileged network attacker to cause a denial-of-service

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the DNS record unpacking function in the Simotics Connect 400 hardware-software complex allows a perpetrator to cause a service failure.	21 Apr 202100:00	–	bdu_fstec
CNNVD	多款siemens产品缓冲区错误漏洞	13 Apr 202100:00	–	cnnvd
CNVD	Siemens SIMOTICS CONNECT 400 Denial of Service Vulnerability (CNVD-2021-28705)	15 Apr 202100:00	–	cnvd
CVE	CVE-2020-27738	22 Apr 202120:42	–	cve
EUVD	EUVD-2020-20242	7 Oct 202500:30	–	euvd
F5 Networks	K70746705: Multiple NAME:WRECK vulnerabilities	21 Feb 202319:58	–	f5
ICS	Siemens SIMOTICS CONNECT 400 (Update A)	13 Apr 202100:00	–	ics
NVD	CVE-2020-27738	22 Apr 202121:15	–	nvd
OSV	CVE-2020-27738	22 Apr 202121:15	–	osv
Prion	Race condition	22 Apr 202121:15	–	prion

[
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus NET",
    "versions": [
      {
        "version": "All versions",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus ReadyStart V3",
    "versions": [
      {
        "version": "All versions < V2017.02.3",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus ReadyStart V4",
    "versions": [
      {
        "version": "All versions < V4.1.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "Nucleus Source Code",
    "versions": [
      {
        "version": "Versions including affected DNS modules",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "SIMOTICS CONNECT 400",
    "versions": [
      {
        "version": "All versions < V0.5.0.0",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

08 Aug 2023 09:20Current

7.1High risk

Vulners AI Score7.1

CVSS 3.16.5

EPSS0.03659

CWE-788