Siemens APOGEE and TALON

🗓️ 14 Sep 2021 00:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics

ics🔗 www.cisa.gov👁 29 Views

SIEMENS Buffer Overflow Risk on APOGEE and TALO

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability in the embedded web-server microprogramming software of controllers APOGEE MBC, APOGEE MEC, APOGEE PXC, and TALON TC allows a perpetrator to execute arbitrary code.	29 Sep 202100:00	–	bdu_fstec
Circl	CVE-2021-27391	14 Sep 202114:21	–	circl
CNNVD	Siemens APOGEE MBC 缓冲区错误漏洞	14 Sep 202100:00	–	cnnvd
CNVD	Buffer Overflow Vulnerability in Multiple Siemens APOGEE MBC Products	15 Sep 202100:00	–	cnvd
CVE	CVE-2021-27391	14 Sep 202110:47	–	cve
Cvelist	CVE-2021-27391	14 Sep 202110:47	–	cvelist
EUVD	EUVD-2021-14146	7 Oct 202500:30	–	euvd
NVD	CVE-2021-27391	14 Sep 202111:15	–	nvd
OSV	CVE-2021-27391	14 Sep 202111:15	–	osv
Prion	Buffer overflow	14 Sep 202111:15	–	prion

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/csaf/ssa-944498.json
cert-portal	www.cert-portal.siemens.com/productcert/txt/ssa-944498.txt
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-257-07.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-21-257-07
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf

14 Sep 2021 00:00Current

10High risk

Vulners AI Score10

CVSS 3.19.8

CVSS 210

EPSS0.0286

SSVC

siemens apogee talon buffer overflow remote exploit root access vulnerable products security advisory risk mitigations control systems