CVE-2021-27391

{"id": "CVE-2021-27391", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-09-14T11:15:23.913", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en APOGEE MBC (PPC) (P2 Ethernet) (Todas las versiones posteriores a V2.6.3, incluy\u00e9ndola), APOGEE MEC (PPC) (P2 Ethernet) (Todas las versiones posteriores a V2.6.3, incluy\u00e9ndola), APOGEE PXC Compact (BACnet) (Todas las versiones anteriores a V3.5.3), APOGEE PXC Compact (P2 Ethernet) (Todas las versiones posteriores a V2.8, incluy\u00e9ndola), APOGEE PXC Modular (BACnet) (Todas las versiones anteriores a V3.5.3), APOGEE PXC Modular (P2 Ethernet) (Todas las versiones posteriores a V2.8, incluy\u00e9ndola), TALON TC Compact (BACnet) (Todas las versiones anteriores a V3.5.3), TALON TC Modular (BACnet) (Todas las versiones anteriores a V3.5.3). El servidor web de los dispositivos afectados carece de una comprobaci\u00f3n de l\u00edmites apropiada cuando analiza el par\u00e1metro Host en las peticiones HTTP, que podr\u00eda conllevar un desbordamiento del b\u00fafer. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el dispositivo con privilegios de root"}], "lastModified": "2025-04-23T20:15:22.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:apogee_mbc_\\(ppc\\)_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31740BC7-0AA1-407C-A09A-80F5F988B622", "versionEndIncluding": "2.6.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:apogee_mbc_\\(ppc\\)_\\(p2_ethernet\\):*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7DCA333D-E244-474C-85A1-28D58BD52B9A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:apogee_mec_\\(ppc\\)_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10AE7480-2439-4C4F-A2A9-534ADB3465FC", "versionEndIncluding": "2.6.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:apogee_mec_\\(ppc\\)_\\(p2_ethernet\\):*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4C6D6BE1-3FBA-4CFB-BCB2-69CD32C2B66C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:apogee_pxc_bacnet_automation_controller_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ED57DFE-CB12-4448-97C8-FA7E91F14270", "versionEndExcluding": "3.5.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:apogee_pxc_bacnet_automation_controller:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B0CFFD37-F58F-48D3-A466-06CAAC8BD580"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:apogee_pxc_compact_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AB7990B-3DEF-4FB9-A577-63D5BFFA6FB0", "versionEndIncluding": "2.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:apogee_pxc_compact_\\(p2_ethernet\\):*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "86B37170-74CC-44A2-A069-C91E1B8A3877"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_\\(bacnet\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68DB98DC-274A-403B-846A-0B3F54A1AC4A", "versionEndExcluding": "3.5.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:apogee_pxc_modular_\\(bacnet\\):*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "63A8FFF6-EB8F-4159-B8E7-6619780EE5F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_\\(p2_ethernet\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC73A707-FD2E-4ACA-8F53-CE82033952B7", "versionEndIncluding": "2.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:apogee_pxc_modular_\\(p2_ethernet\\):*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78EE7A2C-2967-40E5-8485-D90E087F7885"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:talon_tc_compact_\\(bacnet\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C746D61-2372-41AF-B074-1BE5B82418DA", "versionEndExcluding": "3.5.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:talon_tc_compact_\\(bacnet\\):*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "173D1A0C-FCC9-454B-B701-57B1EB83473D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:siemens:talon_tc_modular_\\(bacnet\\)_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4755D15-F0E4-49D1-8176-4C7D7F5D5421", "versionEndExcluding": "3.5.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:siemens:talon_tc_modular_\\(bacnet\\):*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8862F30B-F2C6-4B03-965D-36AC1F3B9490"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "productcert@siemens.com"}