CVE-2020-15795
Published: Apr 22, 2021
Modified: Aug 4, 2024
CVSS v3.1
8.1
Description
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
| Vendor | Product | Versions |
|---|---|---|
Siemens | APOGEE PXC Compact (BACnet) | affected All versions < V3.5.5 |
Siemens | APOGEE PXC Compact (P2 Ethernet) | affected All versions < V2.8.20 |
Siemens | APOGEE PXC Modular (BACnet) | affected All versions < V3.5.5 |
Siemens | APOGEE PXC Modular (P2 Ethernet) | affected All versions < V2.8.20 |
Siemens | Nucleus NET | affected All versions < V5.2 |
Siemens | Nucleus Source Code | affected Versions including affected DNS modules |
Siemens | TALON TC Compact (BACnet) | affected All versions < V3.5.5 |
Siemens | TALON TC Modular (BACnet) | affected All versions < V3.5.5 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now