CVE-2020-27009

{"id": "CVE-2020-27009", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2021-04-22T21:15:09.220", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf", "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-823"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Nucleus NET (Todas las versiones anteriores a V5.2), Nucleus Source Code (Versiones que incluyen los m\u00f3dulos DNS afectados). La funcionalidad de descompresi\u00f3n de registros de nombres de dominio DNS no valida correctamente los valores de desplazamiento del puntero. El an\u00e1lisis sint\u00e1ctico de respuestas malformadas podr\u00eda dar lugar a una escritura m\u00e1s all\u00e1 del final de una estructura asignada. Un atacante con una posici\u00f3n privilegiada en la red podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual o provocar una condici\u00f3n de denegaci\u00f3n de servicio"}], "lastModified": "2023-08-08T10:15:11.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AA3D291-7974-459E-8629-82EEE9222881", "versionEndExcluding": "5.2"}, {"criteria": "cpe:2.3:a:siemens:nucleus_source_code:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53A38C64-612A-4BC5-83D5-D3FA1C90E0F7"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}