Remote code execution in Siemens APOGEE and TALON
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-27391 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
APOGEE MBC Hardware solutions / Other hardware appliances APOGEE MEC Hardware solutions / Other hardware appliances APOGEE PXC Compact (P2 Ethernet) Hardware solutions / Other hardware appliances APOGEE PXC Modular (P2 Ethernet) Hardware solutions / Other hardware appliances APOGEE PXC Compact (BACnet) Hardware solutions / Other hardware appliances APOGEE PXC Modular (BACnet) Hardware solutions / Other hardware appliances TALON TC Compact (BACnet) Hardware solutions / Other hardware appliances TALON TC Modular (BACnet) Hardware solutions / Other hardware appliances |
| Vendor | Siemens |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU56616
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-27391
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing specific requests. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAPOGEE MBC: - - 2.6.3
APOGEE MEC: - - 2.6.3
APOGEE PXC Compact (P2 Ethernet): - - 2.8
APOGEE PXC Modular (P2 Ethernet): - - 2.8
APOGEE PXC Compact (BACnet): before 3.5.3
APOGEE PXC Modular (BACnet): before 3.5.3
TALON TC Compact (BACnet): before 3.5.3
TALON TC Modular (BACnet): before 3.5.3
CPE2.3- cpe:2.3:h:siemens:apogee_mbc:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_mbc:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_mec:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_mec:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_pxc_compact_p2_ethernet:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_pxc_compact_p2_ethernet:2.8:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_pxc_modular_p2_ethernet:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_pxc_modular_p2_ethernet:2.8:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_pxc_compact_bacnet:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:apogee_pxc_modular_bacnet:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:talon_tc_compact_bacnet:*:*:*:*:*:*:*:*
- cpe:2.3:h:siemens:talon_tc_modular_bacnet:*:*:*:*:*:*:*:*
https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
