CVE-2021-27391

Published Sep 14, 2021

Last updated 3 years ago

CVSS critical 9.8

Overview

Description: A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.
Source: productcert@siemens.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

productcert@siemens.com: CWE-120

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_mbc_\\(ppc\\)_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31740BC7-0AA1-407C-A09A-80F5F988B622",
            "versionEndIncluding": "2.6.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_mbc_\\(ppc\\)_\\(p2_ethernet\\):*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7DCA333D-E244-474C-85A1-28D58BD52B9A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_mec_\\(ppc\\)_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10AE7480-2439-4C4F-A2A9-534ADB3465FC",
            "versionEndIncluding": "2.6.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_mec_\\(ppc\\)_\\(p2_ethernet\\):*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4C6D6BE1-3FBA-4CFB-BCB2-69CD32C2B66C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_bacnet_automation_controller_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ED57DFE-CB12-4448-97C8-FA7E91F14270",
            "versionEndExcluding": "3.5.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_bacnet_automation_controller:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0CFFD37-F58F-48D3-A466-06CAAC8BD580"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_compact_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AB7990B-3DEF-4FB9-A577-63D5BFFA6FB0",
            "versionEndIncluding": "2.8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_compact_\\(p2_ethernet\\):*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "86B37170-74CC-44A2-A069-C91E1B8A3877"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_\\(bacnet\\)_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68DB98DC-274A-403B-846A-0B3F54A1AC4A",
            "versionEndExcluding": "3.5.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_modular_\\(bacnet\\):*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "63A8FFF6-EB8F-4159-B8E7-6619780EE5F0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC73A707-FD2E-4ACA-8F53-CE82033952B7",
            "versionEndIncluding": "2.8"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:apogee_pxc_modular_\\(p2_ethernet\\):*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "78EE7A2C-2967-40E5-8485-D90E087F7885"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:talon_tc_compact_\\(bacnet\\)_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C746D61-2372-41AF-B074-1BE5B82418DA",
            "versionEndExcluding": "3.5.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:talon_tc_compact_\\(bacnet\\):*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "173D1A0C-FCC9-454B-B701-57B1EB83473D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:siemens:talon_tc_modular_\\(bacnet\\)_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4755D15-F0E4-49D1-8176-4C7D7F5D5421",
            "versionEndExcluding": "3.5.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:siemens:talon_tc_modular_\\(bacnet\\):*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8862F30B-F2C6-4B03-965D-36AC1F3B9490"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References