CVE-2021-25677: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions = V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5)…

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions = V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
paloalto	pan-os	—	—
paloalto	prisma_sd	—	—
siemens	apogee_pxc_compact	—	—
siemens	apogee_pxc_compact	—	—
siemens	apogee_pxc_modular	—	—
siemens	apogee_pxc_modular	—	—
siemens	nucleus_net	—	—
siemens	nucleus_readystart_v3	< 2017.02.4	2017.02.4
siemens	nucleus_readystart_v3	—	—
siemens	nucleus_readystart_v3	—	—
siemens	nucleus_readystart_v4	< 4.1.0	4.1.0
siemens	nucleus_readystart_v4	—	—
siemens	nucleus_source_code	—	—
siemens	simotics_connect_400	—	—
siemens	simotics_connect_400	—	—
siemens	simotics_connect_400_firmware	>= 0.5.0.0	—
siemens	talon_tc_compact	—	—
siemens	talon_tc_modular	—	—