CVE-2021-25677

CVE-2021-25677 concerns DNS transaction ID randomness in Siemens DNS clients across multiple products (APOGEE PXC BACnet/P2 Ethernet, Nucleus NET/ReadyStart, SIMOTICS CONNECT 400, TALON TC). Root cause: DNS client does not properly randomize transaction IDs, enabling potential DNS cache poisoning...

CVE-2021-25664

The CVE-2021-25664 entry affects Capital Embedded AR Classic 431-422 (all versions), Capital Embedded AR Classic R20-11 (all versions < V2303), Nucleus NET (all versions), Nucleus ReadyStart V3 (< V2017.02.4), V4 (

CVE-2021-25663

A vulnerability has been identified in Capital Embedded AR Classic 431-422 All versions, Capital Embedded AR Classic R20-11 All versions V2303, Nucleus NET All versions, Nucleus ReadyStart V3 All versions V2017.02.4, Nucleus ReadyStart V4 All versions V4.1.0, Nucleus Source Code All versions...

CVE-2021-25663

The CVE-2021-25663 vulnerability affects Siemens Nucleus family: Capital Embedded AR Classic (431-422, all versions; R20-11 < V2303), Nucleus NET, Nucleus ReadyStart V3 (< V2017.02.4), V4 (

CVE-2020-15795

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...

CVE-2020-15795

CVE-2020-15795 affects Siemens APOGEE PXC/Nucleus/TALON products (BACnet and P2 Ethernet) and related DNS modules. The vulnerability is in DNS domain name label parsing, where malformed DNS responses could cause a write past the end of an allocated structure, enabling code execution or denial of ...

CVE-2020-27737

Siemens APOGEE PXC, Nucleus and TALON/SIMOTICS products are affected by a DNS response parsing vulnerability that can read past allocated memory when processing malformed DNS responses. A privileged attacker on the network could cause a denial of service or memory leakage. Remediation is to updat...

PT-2021-16738 · Unknown · Capital Embedded Ar Classic +3

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions all through V2303 Nucleus NET versions all Nucleus ReadyStart V3 versions all through V2017.02.4 Nucleus ReadyStart V4 versions all through V4.1.0...

PT-2021-16739 · Mentor Graphics · Nucleus Readystart +3

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions prior to V2303 Nucleus NET versions all Nucleus ReadyStart V3 versions prior to V2017.02.4 Nucleus ReadyStart V4 versions prior to V4.1.0 Nucleus...

NAME:WRECK DNS Vulnerabilities

Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System DNS implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Intern...

PT-2021-2645 · Unknown · Apogee Pxc Compact +5

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET versions prior...

PT-2021-2646 · Siemens +1 · Simotics Connect 400 +8

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...

PT-2021-2648 · Siemens +1 · Simotics Connect 400 +7

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...

PT-2021-2649 · Siemens +1 · Simotics Connect 400 +7

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...

Siemens Nucleus Products DNS Module (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Nucleus NET, Nucleus Source Code, Capital VSTAR --------- End Update A Part 1 of 3 --------- Vulnerabilities: Out-of-bounds Write, Use...

Siemens Nucleus Products IPv6 Stack

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens --------- Begin Update A Part 1 of 3 --------- Equipment: Capital VSTAR, Nucleus NET, Nucleus ReadyStart v3, Nucleus ReadyStart v4, Nucleus Source Code --------- End Update A Part 1 of 3...

Siemens Nucleus NET Predictable Initial Sequence Vulnerability

The Nucleus NET module contains a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. A security vulnerability exists in Siemens Nucleus NET. An attacker could exploit the vulnerability to...

Multiple Embedded TCP/IP Stacks (Update B)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Multiple Equipment: Nut/Net, CycloneTCP, NDKTCPIP, FNET, uIP-Contiki-OS, uC/TCP-IP, uIP-Contiki-NG, uIP, picoTCP-NG, picoTCP, MPLAB Net, Nucleus NET, Nucleus ReadyStart Vulnerabilities: Use of...

CVE-2020-28388

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...

Buffer overflow

A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...