cnvd - cnvd-2021-28707

CNVD-2021-28707

Vulnerability from cnvd - Published: 2021-04-15

Title

Siemens SIMOTICS CONNECT 400拒绝服务漏洞

Description

SIMOTICS CONNECT 400是一个连接器和传感器盒，安装在低压电机上，为MindSphere应用程序SIDRIVE IQ Fleet提供分析数据。 Siemens SIMOTICS CONNECT 400存在拒绝服务漏洞，该漏洞是由于DNS域名标签解析功能未能正确验证DNS响应中的null terminatedname。攻击者可利用漏洞造成拒绝服务情况或泄露读取内存。

Severity

中

Patch Name

Siemens SIMOTICS CONNECT 400拒绝服务漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf

Impacted products

Name
Siemens SIMOTICS CONNECT 400 < V0.5.0.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-27736"
    }
  },
  "description": "SIMOTICS CONNECT 400\u662f\u4e00\u4e2a\u8fde\u63a5\u5668\u548c\u4f20\u611f\u5668\u76d2\uff0c\u5b89\u88c5\u5728\u4f4e\u538b\u7535\u673a\u4e0a\uff0c\u4e3aMindSphere\u5e94\u7528\u7a0b\u5e8fSIDRIVE IQ Fleet\u63d0\u4f9b\u5206\u6790\u6570\u636e\u3002\n\nSiemens SIMOTICS CONNECT 400\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDNS\u57df\u540d\u6807\u7b7e\u89e3\u6790\u529f\u80fd\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1DNS\u54cd\u5e94\u4e2d\u7684null terminatedname\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u60c5\u51b5\u6216\u6cc4\u9732\u8bfb\u53d6\u5185\u5b58\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28707",
  "openTime": "2021-04-15",
  "patchDescription": "SIMOTICS CONNECT 400\u662f\u4e00\u4e2a\u8fde\u63a5\u5668\u548c\u4f20\u611f\u5668\u76d2\uff0c\u5b89\u88c5\u5728\u4f4e\u538b\u7535\u673a\u4e0a\uff0c\u4e3aMindSphere\u5e94\u7528\u7a0b\u5e8fSIDRIVE IQ Fleet\u63d0\u4f9b\u5206\u6790\u6570\u636e\u3002\r\n\r\nSiemens SIMOTICS CONNECT 400\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u662f\u7531\u4e8eDNS\u57df\u540d\u6807\u7b7e\u89e3\u6790\u529f\u80fd\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1DNS\u54cd\u5e94\u4e2d\u7684null terminatedname\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u60c5\u51b5\u6216\u6cc4\u9732\u8bfb\u53d6\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SIMOTICS CONNECT 400\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens SIMOTICS CONNECT 400 \u003c V0.5.0.0"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2021-04-15",
  "title": "Siemens SIMOTICS CONNECT 400\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2020-27736 (GCVE-0-2020-27736)

Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-04 16:18

Summary

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C

CWE

CWE-170 - Improper Null Termination

Assigner

siemens

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/s…
	https://cert-portal.siemens.com/productcert/pdf/s…
	https://cert-portal.siemens.com/productcert/pdf/s…

Impacted products

Vendor

Product

Version

Siemens

APOGEE PXC Compact (BACnet)

Affected: All versions < V3.5.5

Siemens	APOGEE PXC Compact (P2 Ethernet)	Affected: All versions < V2.8.20
Siemens	APOGEE PXC Modular (BACnet)	Affected: All versions < V3.5.5
Siemens	APOGEE PXC Modular (P2 Ethernet)	Affected: All versions < V2.8.20
Siemens	Nucleus NET	Affected: All versions
Siemens	Nucleus ReadyStart V3	Affected: All versions < V2017.02.3
Siemens	Nucleus ReadyStart V4	Affected: All versions < V4.1.0
Siemens	Nucleus Source Code	Affected: Versions including affected DNS modules
Siemens	SIMOTICS CONNECT 400	Affected: All versions < V0.5.0.0
Siemens	TALON TC Compact (BACnet)	Affected: All versions < V3.5.5
Siemens	TALON TC Modular (BACnet)	Affected: All versions < V3.5.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:18:45.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "APOGEE PXC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "APOGEE PXC Compact (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.20"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "APOGEE PXC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "APOGEE PXC Modular (P2 Ethernet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.8.20"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Nucleus NET",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Nucleus ReadyStart V3",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2017.02.3"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Nucleus ReadyStart V4",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Nucleus Source Code",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "Versions including affected DNS modules"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTICS CONNECT 400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V0.5.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TALON TC Compact (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.5"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TALON TC Modular (BACnet)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.5.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions \u003c V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions \u003c V2.8.20), APOGEE PXC Modular (BACnet) (All versions \u003c V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions \u003c V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.3), Nucleus ReadyStart V4 (All versions \u003c V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), TALON TC Compact (BACnet) (All versions \u003c V3.5.5), TALON TC Modular (BACnet) (All versions \u003c V3.5.5). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170: Improper Null Termination",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-08T09:20:03.377Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-27736",
    "datePublished": "2021-04-22T20:42:19",
    "dateReserved": "2020-10-26T00:00:00",
    "dateUpdated": "2024-08-04T16:18:45.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-28707

CVE-2020-27736 (GCVE-0-2020-27736)

Tags

Sightings

Nomenclature