CVE-2020-27009
CVE-2020-27009
In short
A flaw in DNS name record handling allows an attacker on the network to write data beyond memory boundaries, potentially crashing the system or running malicious code. This affects building automation controllers that use the vulnerable DNS processing code.
Technical detail
The DNS domain name decompression logic fails to validate pointer offset values, allowing out-of-bounds writes to allocated memory structures via malformed DNS responses. An attacker positioned on the network path (man-in-the-middle capable) can trigger code execution or denial-of-service; exploitation requires crafting malicious DNS responses that bypass offset validation.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Siemens · APOGEE PXC Compact (BACnet)Siemens · APOGEE PXC Compact (P2 Ethernet)Siemens · APOGEE PXC Modular (BACnet)Siemens · APOGEE PXC Modular (P2 Ethernet)Siemens · Nucleus NETSiemens · Nucleus Source CodeSiemens · TALON TC Compact (BACnet)Siemens · TALON TC Modular (BACnet)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →