#VU52209 Use of Out-of-range Pointer Offset in Siemens products - CVE-2020-27009

Cybersecurity Help s.r.o.

Published: 2021-04-14

Vulnerability identifier: #VU52209

Vulnerability risk: High

CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-27009

CWE-ID: CWE-823

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nucleus RTOS
Server applications / Other server solutions
Nucleus Source Code
Server applications / Other server solutions
VSTAR
Server applications / Other server solutions
Nucleus NET
Server applications / Other server solutions

Vendor: Siemens

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the DNS domain name record decompression functionality does not properly validate the pointer offset values. A remote atttacker can execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Nucleus RTOS: All versions

Nucleus Source Code: All versions

VSTAR: All versions

Nucleus NET: before 5.2

External links
https://ics-cert.us-cert.gov/advisories/icsa-21-103-04
https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Siemens Nucleus Products