CVE-2021-27391

high-risk
Published 2021-09-14

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Do I need to act?

~
2.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Apogee Mbc \(Ppc\) \(P2 Ethernet\) Firmware
Apogee Mec \(Ppc\) \(P2 Ethernet\) Firmware
Apogee Pxc Bacnet Automation Controller Firmware
Apogee Pxc Compact \(P2 Ethernet\) Firmware
Apogee Pxc Modular \(Bacnet\) Firmware
Apogee Pxc Modular \(P2 Ethernet\) Firmware
Talon Tc Compact \(Bacnet\) Firmware
Talon Tc Modular \(Bacnet\) Firmware

Affected Vendors

Siemens

References (2)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf
52
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 14/34 · Moderate