CVE-2021-27391

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
siemensCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
siemensapogee_mbc_\(ppc\)_\(p2_ethernet\)_firmware
𝑥
≤ 2.6.3
siemensapogee_mec_\(ppc\)_\(p2_ethernet\)_firmware
𝑥
≤ 2.6.3
siemensapogee_pxc_bacnet_automation_controller_firmware
𝑥
< 3.5.3
siemensapogee_pxc_compact_\(p2_ethernet\)_firmware
𝑥
≤ 2.8
siemensapogee_pxc_modular_\(bacnet\)_firmware
𝑥
< 3.5.3
siemensapogee_pxc_modular_\(p2_ethernet\)_firmware
𝑥
≤ 2.8
siemenstalon_tc_compact_\(bacnet\)_firmware
𝑥
< 3.5.3
siemenstalon_tc_modular_\(bacnet\)_firmware
𝑥
< 3.5.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf