Multiple vulnerabilities in DNS Module of Siemens Nucleus Products



Published: 2021-04-15
Risk: Medium
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2020-27736, CVE-2020-27737, CVE-2020-27738
CWE-ID: CWE-170, CWE-125, CWE-788
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Nucleus NET
Server applications / Other server solutions

VSTAR
Server applications / Other server solutions

Nucleus Source Code
Server applications / Other server solutions

Nucleus RTOS
Server applications / Other server solutions

Nucleus ReadyStart
Server applications / Other server solutions

Nucleus 4
Server applications / Other server solutions

Vendor: Siemens

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Improper Null Termination

EUVDB-ID: #VU52204

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27736

CWE-ID: CWE-170 - Improper Null Termination

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS responses. A remote attacker can cause a denial of service condition or leak the memory that is read.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nucleus NET: All versions

VSTAR: All versions

Nucleus Source Code: All versions

Nucleus RTOS: All versions

Nucleus ReadyStart: before 2017.02.3

Nucleus 4: before 4.1.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-705111.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU52205

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27737

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary condition in the DNS response parsing functionality. A remote attacker can trigger an out-of-bounds read error and read the contents of memory on the system or cause a denial of service (DoS) condition.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nucleus NET: All versions

VSTAR: All versions

Nucleus Source Code: All versions

Nucleus RTOS: All versions

Nucleus ReadyStart: before 2017.02.3

Nucleus 4: before 4.1.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-705111.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Access of Memory Location After End of Buffer

EUVDB-ID: #VU52206

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27738

CWE-ID: CWE-788 - Access of Memory Location After End of Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the DNS domain name record decompression functionality does not properly validate the pointer offset values. A remote attacker can cause a denial of service condition on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Nucleus NET: All versions

VSTAR: All versions

Nucleus Source Code: All versions

Nucleus RTOS: All versions

Nucleus ReadyStart: before 2017.02.3

Nucleus 4: before 4.1.0

External links

http://cert-portal.siemens.com/productcert/txt/ssa-705111.txt


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
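
All three entries concern decoding a domain name from a DNS response. As an added example (not Siemens or Nucleus code, and not part of the original bulletin), the C function below shows the corresponding checks for RFC 1035 name encoding: every label bounded by the message length, an output that is always NUL-terminated, and compression pointers that may only point backward. The names dns_read_name, DNS_MAX_TEXT and DNS_MAX_HOPS are hypothetical, and the hop cap of 16 is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_TEXT 253   /* longest dotted name allowed by RFC 1035 */
#define DNS_MAX_HOPS 16    /* assumed cap on compression pointers followed */

/* Decode the name at msg[off] into out as a dotted, NUL-terminated string.
 * Returns the string length, or -1 if the message is malformed. */
int dns_read_name(const uint8_t *msg, size_t msg_len, size_t off,
                  char *out, size_t out_cap)
{
    size_t n = 0;
    int hops = 0;

    if (out_cap == 0)
        return -1;
    out[0] = '\0';
    for (;;) {
        if (off >= msg_len)                  /* length byte must exist */
            return -1;
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {          /* compression pointer */
            if (off + 1 >= msg_len)          /* second pointer byte must exist */
                return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            if (target >= off || ++hops > DNS_MAX_HOPS)
                return -1;                   /* backward only, bounded hops */
            off = target;
            continue;
        }
        if (len & 0xC0)                      /* reserved label types */
            return -1;
        if (len == 0)                        /* root label ends the name */
            return (int)n;
        if (len > msg_len - off - 1)         /* label must lie inside message */
            return -1;
        if (memchr(msg + off + 1, 0, len))   /* embedded NUL would truncate */
            return -1;
        size_t dot = (n > 0);
        if (n + dot + len + 1 > out_cap || n + dot + len > DNS_MAX_TEXT)
            return -1;                       /* room for '.', label and NUL */
        if (dot)
            out[n++] = '.';
        memcpy(out + n, msg + off + 1, len);
        n += len;
        out[n] = '\0';                       /* terminated after every label */
        off += (size_t)len + 1;
    }
}
```

A name that runs off the end of the message, points forward or at itself, or loops through pointers is rejected with -1 instead of being read past the buffer.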