CVE-2020-27009 - OpenCVE

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Nucleus Net Nucleus Source Code

Configuration 1 [-]

OR	cpe:2.3:a:siemens:nucleus_net::::::::
	cpe:2.3:a:siemens:nucleus_source_code:-:::::::*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2021-04-22T20:42:19

Updated: 2024-08-04T16:03:23.236Z

Reserved: 2020-10-12T00:00:00

Link: CVE-2020-27009

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-04-22T21:15:09.220

Modified: 2023-08-08T10:15:11.637

Link: CVE-2020-27009

Redhat

No data.

{"containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-08-08T09:20:02.298Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition."}], "affected": [{"vendor": "Siemens", "product": "APOGEE PXC Compact (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Compact (P2 Ethernet)", "versions": [{"version": "All versions < V2.8.20", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Modular (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Modular (P2 Ethernet)", "versions": [{"version": "All versions < V2.8.20", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus NET", "versions": [{"version": "All versions < V5.2", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus Source Code", "versions": [{"version": "Versions including affected DNS modules", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TALON TC Compact (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TALON TC Modular (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-823", "description": "CWE-823: Use of Out-of-range Pointer Offset", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:03:23.236Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf", "tags": ["x_transferred"]}]}]}, "cveMetadata": {"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2020-27009", "datePublished": "2021-04-22T20:42:19", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:23.236Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AA3D291-7974-459E-8629-82EEE9222881", "versionEndExcluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*", "matchCriteriaId": "53A38C64-612A-4BC5-83D5-D3FA1C90E0F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Nucleus NET (Todas las versiones anteriores a V5.2), Nucleus Source Code (Versiones que incluyen los m\u00f3dulos DNS afectados). La funcionalidad de descompresi\u00f3n de registros de nombres de dominio DNS no valida correctamente los valores de desplazamiento del puntero. El an\u00e1lisis sint\u00e1ctico de respuestas malformadas podr\u00eda dar lugar a una escritura m\u00e1s all\u00e1 del final de una estructura asignada. Un atacante con una posici\u00f3n privilegiada en la red podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual o provocar una condici\u00f3n de denegaci\u00f3n de servicio"}], "id": "CVE-2020-27009", "lastModified": "2023-08-08T10:15:11.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "productcert@siemens.com", "type": "Secondary"}]}, "published": "2021-04-22T21:15:09.220", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-823"}], "source": "productcert@siemens.com", "type": "Secondary"}]}