Buffer overflow

2021-09-1411:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.5%

JSON

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

CPENameOperatorVersion
apogee_mbc_\\(ppc\\)_\\(p2_ethernet\\)_firmwarele2.6.3
apogee_mec_\\(ppc\\)_\\(p2_ethernet\\)_firmwarele2.6.3
apogee_pxc_bacnet_automation_controller_firmwarelt3.5.3
apogee_pxc_compact_\\(p2_ethernet\\)_firmwarele2.8
apogee_pxc_modular_\\(bacnet\\)_firmwarelt3.5.3
apogee_pxc_modular_\\(p2_ethernet\\)_firmwarele2.8
talon_tc_compact_\\(bacnet\\)_firmwarelt3.5.3
talon_tc_modular_\\(bacnet\\)_firmwarelt3.5.3

Name	Operator	Version
apogee_mbc_\\(ppc\\)_\\(p2_ethernet\\)_firmware	le	2.6.3
apogee_mec_\\(ppc\\)_\\(p2_ethernet\\)_firmware	le	2.6.3
apogee_pxc_bacnet_automation_controller_firmware	lt	3.5.3
apogee_pxc_compact_\\(p2_ethernet\\)_firmware	le	2.8
apogee_pxc_modular_\\(bacnet\\)_firmware	lt	3.5.3
apogee_pxc_modular_\\(p2_ethernet\\)_firmware	le	2.8
talon_tc_compact_\\(bacnet\\)_firmware	lt	3.5.3
talon_tc_modular_\\(bacnet\\)_firmware	lt	3.5.3

References

cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf