cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-45937,https://securityvulnerability.io/vulnerability/CVE-2022-45937,Vulnerability in APOGEE PXC and TALON TC Products from Siemens,"A vulnerability has been identified within Siemens’ APOGEE PXC and TALON TC product lines where a low privilege authenticated attacker with network access can exploit the integrated web server to extract sensitive information, including user account credentials. This issue affects several versions of the products, making timely updates critical for maintaining security.",Siemens,"APOGEE PXC Compact (BACnet),APOGEE PXC Compact (P2 Ethernet),APOGEE PXC Modular (BACnet),APOGEE PXC Modular (P2 Ethernet),TALON TC Compact (BACnet),TALON TC Modular (BACnet)",6.5,MEDIUM,0.0005699999746866524,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-38371,https://securityvulnerability.io/vulnerability/CVE-2022-38371,Denial of Service Vulnerability in Siemens APOGEE and Desigo Products,"A vulnerability has been discovered in various Siemens products, specifically affecting the FTP server's ability to manage memory resources. This flaw can be exploited by remote attackers to create a denial of service condition by leaving incomplete connection attempts, which prevents the server from successfully releasing memory. As a result, devices running these vulnerable versions may become unresponsive. Users are encouraged to review the affected product versions and apply appropriate mitigations.",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net For Nucleus Plus V1,Nucleus Net For Nucleus Plus V2,Nucleus Readystart V3 V2012,Nucleus Readystart V3 V2017,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",7.5,HIGH,0.0035600000992417336,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2021-31888,https://securityvulnerability.io/vulnerability/CVE-2021-31888,,"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “MKD/XMKD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0018)",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",8.8,HIGH,0.003000000026077032,false,,false,false,false,,false,false,2021-11-09T11:32:00.000Z,0
CVE-2021-31887,https://securityvulnerability.io/vulnerability/CVE-2021-31887,,"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “PWD/XPWD” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0016)",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",8.8,HIGH,0.0028800000436604023,false,,false,false,false,,false,false,2021-11-09T11:32:00.000Z,0
CVE-2021-31886,https://securityvulnerability.io/vulnerability/CVE-2021-31886,,"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). FTP server does not properly validate the length of the “USER” command, leading to stack-based buffer overflows. This may result in Denial-of-Service conditions and Remote Code Execution. (FSMD-2021-0010)",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",9.8,CRITICAL,0.012179999612271786,false,,false,false,false,,false,false,2021-11-09T11:31:59.000Z,0
CVE-2021-31885,https://securityvulnerability.io/vulnerability/CVE-2021-31885,,"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). TFTP server application allows for reading the contents of the TFTP memory buffer via sending malformed TFTP commands. (FSMD-2021-0009)",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Readystart V4,Nucleus Source Code,Pluscontrol 1st Gen,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",7.5,HIGH,0.0011899999808520079,false,,false,false,false,,false,false,2021-11-09T11:31:58.000Z,0
CVE-2021-31884,https://securityvulnerability.io/vulnerability/CVE-2021-31884,,"A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Capital VSTAR (All versions with enabled Ethernet options), Desigo PXC00-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC00-U (All versions >= V2.3 and < V6.30.016), Desigo PXC001-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC100-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC12-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC128-U (All versions >= V2.3 and < V6.30.016), Desigo PXC200-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC22.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC36.1-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC50-E.D (All versions >= V2.3 and < V6.30.016), Desigo PXC64-U (All versions >= V2.3 and < V6.30.016), Desigo PXM20-E (All versions >= V2.3 and < V6.30.016), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions < V3.5.4), TALON TC Modular (BACnet) (All versions < V3.5.4). The DHCP client application assumes that the data supplied with the “Hostname” DHCP option is NULL terminated. In cases when global hostname variable is not defined, this may lead to Out-of-bound reads, writes, and Denial-of-service conditions. (FSMD-2021-0014)",Siemens,"Apogee Mbc (ppc) (bacnet),Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (bacnet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Capital Vstar,Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",9.8,CRITICAL,0.003530000103637576,false,,false,false,false,,false,false,2021-11-09T11:31:57.000Z,0
CVE-2021-27391,https://securityvulnerability.io/vulnerability/CVE-2021-27391,,"A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.",Siemens,"Apogee Mbc (ppc) (p2 Ethernet),Apogee Mec (ppc) (p2 Ethernet),Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",9.8,CRITICAL,0.007899999618530273,false,,false,false,false,,false,false,2021-09-14T10:47:31.000Z,0
CVE-2021-25677,https://securityvulnerability.io/vulnerability/CVE-2021-25677,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Readystart V3,Nucleus Readystart V4,Nucleus Source Code,Simotics Connect 400,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",5.3,MEDIUM,0.0010499999625608325,false,,false,false,false,,false,false,2021-04-22T20:42:21.000Z,0
CVE-2020-27738,https://securityvulnerability.io/vulnerability/CVE-2020-27738,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Readystart V3,Nucleus Readystart V4,Nucleus Source Code,Simotics Connect 400,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",6.5,MEDIUM,0.0028800000436604023,false,,false,false,false,,false,false,2021-04-22T20:42:20.000Z,0
CVE-2020-27736,https://securityvulnerability.io/vulnerability/CVE-2020-27736,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Readystart V3,Nucleus Readystart V4,Nucleus Source Code,Simotics Connect 400,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",6.5,MEDIUM,0.0016700000269338489,false,,false,false,false,,false,false,2021-04-22T20:42:19.000Z,0
CVE-2020-27009,https://securityvulnerability.io/vulnerability/CVE-2020-27009,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",8.1,HIGH,0.14601999521255493,false,,false,false,false,,false,false,2021-04-22T20:42:19.000Z,0
CVE-2020-15795,https://securityvulnerability.io/vulnerability/CVE-2020-15795,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Source Code,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",8.1,HIGH,0.006440000142902136,false,,false,false,false,,false,false,2021-04-22T20:42:19.000Z,0
CVE-2020-27737,https://securityvulnerability.io/vulnerability/CVE-2020-27737,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Readystart V3,Nucleus Readystart V4,Nucleus Source Code,Simotics Connect 400,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",6.5,MEDIUM,0.0016700000269338489,false,,false,false,false,,false,false,2021-04-22T20:42:19.000Z,0
CVE-2020-28388,https://securityvulnerability.io/vulnerability/CVE-2020-28388,,"A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.",Siemens,"Apogee Pxc Compact (bacnet),Apogee Pxc Compact (p2 Ethernet),Apogee Pxc Modular (bacnet),Apogee Pxc Modular (p2 Ethernet),Nucleus Net,Nucleus Readystart V3,Nucleus Source Code,Pluscontrol 1st Gen,Talon Tc Compact (bacnet),Talon Tc Modular (bacnet)",6.5,MEDIUM,0.002589999930933118,false,,false,false,false,,false,false,2021-02-09T00:00:00.000Z,0