CVE-2021-27391

Published: Sep 14, 2021Modified: Apr 23, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Affected (8)

Products: Siemens: Apogee Mbc (ppc) (p2 Ethernet) Firmware, Apogee Mec (ppc) (p2 Ethernet) Firmware, Apogee Pxc Bacnet Automation Controller Firmware, Apogee Pxc Compact (p2 Ethernet) Firmware, Apogee Pxc Modular (bacnet) Firmware, Apogee Pxc Modular (p2 Ethernet) Firmware, Talon Tc Compact (bacnet) Firmware, Talon Tc Modular (bacnet) Firmware

Siemens

8 products

Apogee Mbc (ppc) (p2 Ethernet) Firmware

Apogee Mec (ppc) (p2 Ethernet) Firmware

Apogee Pxc Bacnet Automation Controller Firmware

Apogee Pxc Compact (p2 Ethernet) Firmware

Apogee Pxc Modular (bacnet) Firmware

Apogee Pxc Modular (p2 Ethernet) Firmware

Talon Tc Compact (bacnet) Firmware

Talon Tc Modular (bacnet) Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Apogee Mbc (ppc) (p2 Ethernet) Firmware	Up to 2.6.3

Running on/with	Platform Versions
Siemens Apogee Mbc (ppc) (p2 Ethernet)	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Apogee Mec (ppc) (p2 Ethernet) Firmware	Up to 2.6.3

Running on/with	Platform Versions
Siemens Apogee Mec (ppc) (p2 Ethernet)	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Apogee Pxc Bacnet Automation Controller Firmware	Before 3.5.3

Running on/with	Platform Versions
Siemens Apogee Pxc Bacnet Automation Controller	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Apogee Pxc Compact (p2 Ethernet) Firmware	Up to 2.8

Running on/with	Platform Versions
Siemens Apogee Pxc Compact (p2 Ethernet)	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Apogee Pxc Modular (bacnet) Firmware	Before 3.5.3

Running on/with	Platform Versions
Siemens Apogee Pxc Modular (bacnet)	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Apogee Pxc Modular (p2 Ethernet) Firmware	Up to 2.8

Running on/with	Platform Versions
Siemens Apogee Pxc Modular (p2 Ethernet)	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Talon Tc Compact (bacnet) Firmware	Before 3.5.3

Running on/with	Platform Versions
Siemens Talon Tc Compact (bacnet)	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Talon Tc Modular (bacnet) Firmware	Before 3.5.3

Running on/with	Platform Versions
Siemens Talon Tc Modular (bacnet)	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.