CVE-2021-27391
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.
Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones posteriores a V2.6.3, incluyéndola), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones posteriores a V2.6.3, incluyéndola), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3.5.3), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones posteriores a V2.8, incluyéndola), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5.3), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones posteriores a V2.8, incluyéndola), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.3), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.3). El servidor web de los dispositivos afectados carece de una comprobación de límites apropiada cuando analiza el parámetro Host en las peticiones HTTP, que podría conllevar un desbordamiento del búfer. Un atacante remoto no autenticado podría explotar esta vulnerabilidad para ejecutar código arbitrario en el dispositivo con privilegios de root
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-18 CVE Reserved
- 2021-09-14 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf | 2021-09-28 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Apogee Mbc \(ppc\) \(p2 Ethernet\) Firmware Search vendor "Siemens" for product "Apogee Mbc \(ppc\) \(p2 Ethernet\) Firmware" | <= 2.6.3 Search vendor "Siemens" for product "Apogee Mbc \(ppc\) \(p2 Ethernet\) Firmware" and version " <= 2.6.3" | - |
Affected
| in | Siemens Search vendor "Siemens" | Apogee Mbc \(ppc\) \(p2 Ethernet\) Search vendor "Siemens" for product "Apogee Mbc \(ppc\) \(p2 Ethernet\)" | * | - |
Safe
|
| Siemens Search vendor "Siemens" | Apogee Mec \(ppc\) \(p2 Ethernet\) Firmware Search vendor "Siemens" for product "Apogee Mec \(ppc\) \(p2 Ethernet\) Firmware" | <= 2.6.3 Search vendor "Siemens" for product "Apogee Mec \(ppc\) \(p2 Ethernet\) Firmware" and version " <= 2.6.3" | - |
Affected
| in | Siemens Search vendor "Siemens" | Apogee Mec \(ppc\) \(p2 Ethernet\) Search vendor "Siemens" for product "Apogee Mec \(ppc\) \(p2 Ethernet\)" | * | - |
Safe
|
| Siemens Search vendor "Siemens" | Apogee Pxc Bacnet Automation Controller Firmware Search vendor "Siemens" for product "Apogee Pxc Bacnet Automation Controller Firmware" | < 3.5.3 Search vendor "Siemens" for product "Apogee Pxc Bacnet Automation Controller Firmware" and version " < 3.5.3" | - |
Affected
| in | Siemens Search vendor "Siemens" | Apogee Pxc Bacnet Automation Controller Search vendor "Siemens" for product "Apogee Pxc Bacnet Automation Controller" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Apogee Pxc Compact \(p2 Ethernet\) Firmware Search vendor "Siemens" for product "Apogee Pxc Compact \(p2 Ethernet\) Firmware" | <= 2.8 Search vendor "Siemens" for product "Apogee Pxc Compact \(p2 Ethernet\) Firmware" and version " <= 2.8" | - |
Affected
| in | Siemens Search vendor "Siemens" | Apogee Pxc Compact \(p2 Ethernet\) Search vendor "Siemens" for product "Apogee Pxc Compact \(p2 Ethernet\)" | * | - |
Safe
|
| Siemens Search vendor "Siemens" | Apogee Pxc Modular \(bacnet\) Firmware Search vendor "Siemens" for product "Apogee Pxc Modular \(bacnet\) Firmware" | < 3.5.3 Search vendor "Siemens" for product "Apogee Pxc Modular \(bacnet\) Firmware" and version " < 3.5.3" | - |
Affected
| in | Siemens Search vendor "Siemens" | Apogee Pxc Modular \(bacnet\) Search vendor "Siemens" for product "Apogee Pxc Modular \(bacnet\)" | * | - |
Safe
|
| Siemens Search vendor "Siemens" | Apogee Pxc Modular \(p2 Ethernet\) Firmware Search vendor "Siemens" for product "Apogee Pxc Modular \(p2 Ethernet\) Firmware" | <= 2.8 Search vendor "Siemens" for product "Apogee Pxc Modular \(p2 Ethernet\) Firmware" and version " <= 2.8" | - |
Affected
| in | Siemens Search vendor "Siemens" | Apogee Pxc Modular \(p2 Ethernet\) Search vendor "Siemens" for product "Apogee Pxc Modular \(p2 Ethernet\)" | * | - |
Safe
|
| Siemens Search vendor "Siemens" | Talon Tc Compact \(bacnet\) Firmware Search vendor "Siemens" for product "Talon Tc Compact \(bacnet\) Firmware" | < 3.5.3 Search vendor "Siemens" for product "Talon Tc Compact \(bacnet\) Firmware" and version " < 3.5.3" | - |
Affected
| in | Siemens Search vendor "Siemens" | Talon Tc Compact \(bacnet\) Search vendor "Siemens" for product "Talon Tc Compact \(bacnet\)" | * | - |
Safe
|
| Siemens Search vendor "Siemens" | Talon Tc Modular \(bacnet\) Firmware Search vendor "Siemens" for product "Talon Tc Modular \(bacnet\) Firmware" | < 3.5.3 Search vendor "Siemens" for product "Talon Tc Modular \(bacnet\) Firmware" and version " < 3.5.3" | - |
Affected
| in | Siemens Search vendor "Siemens" | Talon Tc Modular \(bacnet\) Search vendor "Siemens" for product "Talon Tc Modular \(bacnet\)" | * | - |
Safe
|