CVE-2021-27391
Published: Sep 14, 2021
Modified: Apr 23, 2025
Description
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.
| Vendor | Product | Versions |
|---|---|---|
Siemens | APOGEE MBC (PPC) (P2 Ethernet) | affected All versions >= V2.6.3 |
Siemens | APOGEE MEC (PPC) (P2 Ethernet) | affected All versions >= V2.6.3 |
Siemens | APOGEE PXC Compact (BACnet) | affected All versions < V3.5.3 |
Siemens | APOGEE PXC Compact (P2 Ethernet) | affected All versions >= V2.8 |
Siemens | APOGEE PXC Modular (BACnet) | affected All versions < V3.5.3 |
Siemens | APOGEE PXC Modular (P2 Ethernet) | affected All versions >= V2.8 |
Siemens | TALON TC Compact (BACnet) | affected All versions < V3.5.3 |
Siemens | TALON TC Modular (BACnet) | affected All versions < V3.5.3 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now