CVE-2021-25677
https://notcve.org/view.php?id=CVE-2021-25677
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving. Se ha identificado una vulnerabilidad en Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a la versión V2017.02.3), Nucleus ReadyStart V4 (Todas las versiones anteriores a la versión V4.1.0), Nucleus Source Code (Versiones que incluyen los módulos DNS afectados), SIMOTICS CONNECT 400 (Todas las versiones anteriores a la versión V0.5.0.0), SIMOTICS CONNECT 400 (Todas las versiones posteriores o iguales a la versión V0.5.0.0 anteriores a la versión V1.0.0). El cliente DNS no aleatoriza correctamente los ID de las transacciones DNS. • https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf • CWE-330: Use of Insufficiently Random Values •
CVE-2021-25664
https://notcve.org/view.php?id=CVE-2021-25664
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes the Hop-by-Hop extension header in IPv6 packets and its options lacks any checks against the length field of the header, allowing attackers to put the function into an infinite loop by supplying arbitrary length values. Se ha identificado una vulnerabilidad en Capital VSTAR (Versiones que incluyen la pila IPv6 afectada), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1.0), Nucleus Source Code (Versiones que incluyen la pila IPv6 afectada). La función que procesa la cabecera de extensión Hop-by-Hop en los paquetes IPv6 y sus opciones carece de cualquier comprobación contra el campo de longitud de la cabecera, lo que permite a los atacantes poner la función en un bucle infinito suministrando valores de longitud arbitrarios • https://cert-portal.siemens.com/productcert/html/ssa-248289.html https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2021-25663
https://notcve.org/view.php?id=CVE-2021-25663
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (All versions including affected IPv6 stack). The function that processes IPv6 headers does not check the lengths of extension header options, allowing attackers to put this function into an infinite loop with crafted length values. Se ha identificado una vulnerabilidad en Capital VSTAR (Versiones que incluyen la pila IPv6 afectada), Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.4), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1.0), Nucleus Source Code (Versiones que incluyen la pila IPv6 afectada). La función que procesa las cabeceras de IPv6 no comprueba las longitudes de las opciones de las cabeceras de extensión, lo que permite a los atacantes poner esta función en un bucle infinito con valores de longitud manipulados • https://cert-portal.siemens.com/productcert/html/ssa-248289.html https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf https://us-cert.cisa.gov/ics/advisories/icsa-21-103-05 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2020-27738
https://notcve.org/view.php?id=CVE-2020-27738
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition. Se ha identificado una vulnerabilidad en Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2017.02.3), Nucleus ReadyStart V4 (Todas las versiones anteriores a V4.1.0), Nucleus Source Code (Versiones que incluyen los módulos DNS afectados), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.5.0.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-788: Access of Memory Location After End of Buffer •
CVE-2020-27737
https://notcve.org/view.php?id=CVE-2020-27737
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure. Se ha identificado una vulnerabilidad en Nucleus NET (Todas las versiones), Nucleus ReadyStart V3 (Todas las versiones anteriores a la versión V2017.02.3), Nucleus ReadyStart V4 (Todas las versiones anteriores a la versión V4.1.0), Nucleus Source Code (Versiones que incluyen los módulos DNS afectados), SIMOTICS CONNECT 400 (Todas las versiones anteriores a la versión V0.5.0.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf • CWE-125: Out-of-bounds Read •