CVE-2021-27391

EUVD-2021-14146
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
siemensapogee_mbc_\(ppc\)_\(p2_ethernet\)_firmware
𝑥
≤ 2.6.3
siemensapogee_mec_\(ppc\)_\(p2_ethernet\)_firmware
𝑥
≤ 2.6.3
siemensapogee_pxc_bacnet_automation_controller_firmware
𝑥
< 3.5.3
siemensapogee_pxc_compact_\(p2_ethernet\)_firmware
𝑥
≤ 2.8
siemensapogee_pxc_modular_\(bacnet\)_firmware
𝑥
< 3.5.3
siemensapogee_pxc_modular_\(p2_ethernet\)_firmware
𝑥
≤ 2.8
siemenstalon_tc_compact_\(bacnet\)_firmware
𝑥
< 3.5.3
siemenstalon_tc_modular_\(bacnet\)_firmware
𝑥
< 3.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf