CVE-2020-15795Out-of-bounds Write in Siemens Nucleus NET

CWE-787Out-of-bounds Write3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.7%
top 28.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Siemens Nucleus NETSiemens Apogee PXC CompactSiemens Apogee PXC Modular+3 more
Timeline
PublishedApr 22
Latest updateMay 24

Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing fun

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages7 packages

CVEListV5siemens/apogee_pxc_compactAll versions < V2.8.20, All versions < V3.5.5+1
CVEListV5siemens/apogee_pxc_modularAll versions < V2.8.20, All versions < V3.5.5+1
CVEListV5siemens/talon_tc_compactAll versions < V3.5.5
CVEListV5siemens/talon_tc_modularAll versions < V3.5.5
CVEListV5siemens/nucleus_source_codeVersions including affected DNS modules

🔴Vulnerability Details

2
GHSA
GHSA-cw98-4v34-2rc8: A vulnerability has been identified in Nucleus NET (All versions < V52022-05-24
CVEList
CVE-2020-15795: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V32021-04-22
CVE-2020-15795 — Out-of-bounds Write in Siemens | cvebase