CVE-2021-27391
Description
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.
Affected products
11<V3.5.3+ 1 more
- (no CPE)range: <V3.5.3
- (no CPE)range: All versions < V3.5.3
<V3.5.3+ 1 more
- (no CPE)range: <V3.5.3
- (no CPE)range: All versions < V3.5.3
>=V2.8+ 1 more
- (no CPE)range: >=V2.8
- (no CPE)range: All versions >= V2.8
All versions >= V2.6.3+ 2 more
- (no CPE)range: All versions >= V2.6.3
- (no CPE)range: All versions >= V2.6.3
- (no CPE)range: All versions >= V2.8
- Range: All versions < V3.5.3
- Range: All versions < V3.5.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- cert-portal.siemens.com/productcert/pdf/ssa-944498.pdfmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.