CVE-2020-15795
CVE-2020-15795
In short
A flaw in DNS response handling allows malformed domain names to overwrite memory beyond allocated buffers. An attacker on the network can send crafted DNS responses to execute code or crash the device.
Technical detail
CWE-787 buffer overflow in DNS label parsing accepts malformed responses without proper bounds checking. An attacker with network-level access can inject specially crafted DNS responses to write past allocated structure boundaries, achieving code execution or denial-of-service in the affected process context.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Siemens · APOGEE PXC Compact (BACnet)Siemens · APOGEE PXC Compact (P2 Ethernet)Siemens · APOGEE PXC Modular (BACnet)Siemens · APOGEE PXC Modular (P2 Ethernet)Siemens · Nucleus NETSiemens · Nucleus Source CodeSiemens · TALON TC Compact (BACnet)Siemens · TALON TC Modular (BACnet)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →