What is the severity of CVE-2021-27391?

CVE-2021-27391 has been classified with a medium severity rating.

How do I fix CVE-2021-27391?

To mitigate the effects of CVE-2021-27391, upgrade affected Siemens APOGEE products to the latest available firmware versions.

Which versions are affected by CVE-2021-27391?

CVE-2021-27391 affects Siemens APOGEE MBC, MEC, PXC Compact, and PXC Modular products running specific firmware versions prior to the recommended updates.

What are the implications of CVE-2021-27391?

Exploitation of CVE-2021-27391 could allow an attacker to compromise the affected systems and disrupt operations.

Is there a patch available for CVE-2021-27391?

Yes, Siemens has provided patches for CVE-2021-27391 and users are encouraged to apply them promptly.

Vulnerability/
CVE-2021-27391

critical

CWE

120 119

14/9/2021

3/8/2024

CVE-2021-27391: Buffer Overflow

First published: Tue Sep 14 2021(Updated: )

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

Credit: productcert@siemens.com

Affected Software	Affected Version	How to fix
Siemens APOGEE MBC (ppc) (p2 ethernet) Firmware	<=2.6.3
Siemens APOGEE MBC (PPC) (P2 Ethernet)
Siemens APOGEE MEC (PPC) (P2 Ethernet) Firmware	<=2.6.3
Siemens APOGEE MEC (PPC) (P2 Ethernet)
Siemens APOGEE PXC Modular (BACnet) Firmware	<3.5.3
Siemens APOGEE PXC BACnet Automation Controller Firmware
Siemens APOGEE PXC Compact (P2 Ethernet) Firmware	<=2.8
Siemens APOGEE PXC Compact (P2 Ethernet)
Siemens APOGEE PXC Modular (BACnet) Firmware	<3.5.3
siemens APOGEE PXC Modular (bacnet)
siemens APOGEE PXC Modular (p2 ethernet) firmware	<=2.8
Siemens APOGEE PXC Modular (P2 Ethernet)
Siemens TALON TC Compact (BACnet) Firmware	<3.5.3
siemens TALON TC Compact (bacnet)
siemens TALON TC Modular (bacnet) firmware	<3.5.3
siemens TALON TC Modular (bacnet)

Remedy

https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf

Never miss a vulnerability like this again

Reference Links

https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf

Frequently Asked Questions

What is the severity of CVE-2021-27391?
CVE-2021-27391 has been classified with a medium severity rating.
How do I fix CVE-2021-27391?
To mitigate the effects of CVE-2021-27391, upgrade affected Siemens APOGEE products to the latest available firmware versions.
Which versions are affected by CVE-2021-27391?
CVE-2021-27391 affects Siemens APOGEE MBC, MEC, PXC Compact, and PXC Modular products running specific firmware versions prior to the recommended updates.
What are the implications of CVE-2021-27391?
Exploitation of CVE-2021-27391 could allow an attacker to compromise the affected systems and disrupt operations.
Is there a patch available for CVE-2021-27391?
Yes, Siemens has provided patches for CVE-2021-27391 and users are encouraged to apply them promptly.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/author
agent/last-modified-date
agent/remedy
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/siemens
canonical/siemens apogee mbc (ppc) (p2 ethernet) firmware
version/siemens apogee mbc (ppc) (p2 ethernet) firmware/2.6.3
canonical/siemens apogee mbc (ppc) (p2 ethernet)
canonical/siemens apogee mec (ppc) (p2 ethernet) firmware
version/siemens apogee mec (ppc) (p2 ethernet) firmware/2.6.3
canonical/siemens apogee mec (ppc) (p2 ethernet)
canonical/siemens apogee pxc modular (bacnet) firmware
canonical/siemens apogee pxc bacnet automation controller firmware
canonical/siemens apogee pxc compact (p2 ethernet) firmware
version/siemens apogee pxc compact (p2 ethernet) firmware/2.8
canonical/siemens apogee pxc compact (p2 ethernet)
canonical/siemens apogee pxc modular (bacnet)
canonical/siemens apogee pxc modular (p2 ethernet) firmware
version/siemens apogee pxc modular (p2 ethernet) firmware/2.8
canonical/siemens apogee pxc modular (p2 ethernet)
canonical/siemens talon tc compact (bacnet) firmware
canonical/siemens talon tc compact (bacnet)
canonical/siemens talon tc modular (bacnet) firmware
canonical/siemens talon tc modular (bacnet)

Frequently Asked Questions

What is the severity of CVE-2021-27391?
CVE-2021-27391 has been classified with a medium severity rating.
How do I fix CVE-2021-27391?
To mitigate the effects of CVE-2021-27391, upgrade affected Siemens APOGEE products to the latest available firmware versions.
Which versions are affected by CVE-2021-27391?
CVE-2021-27391 affects Siemens APOGEE MBC, MEC, PXC Compact, and PXC Modular products running specific firmware versions prior to the recommended updates.
What are the implications of CVE-2021-27391?
Exploitation of CVE-2021-27391 could allow an attacker to compromise the affected systems and disrupt operations.
Is there a patch available for CVE-2021-27391?
Yes, Siemens has provided patches for CVE-2021-27391 and users are encouraged to apply them promptly.

CVE-2021-27391: Buffer Overflow

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-27391?

How do I fix CVE-2021-27391?

Which versions are affected by CVE-2021-27391?

What are the implications of CVE-2021-27391?

Is there a patch available for CVE-2021-27391?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2021-27391?

How do I fix CVE-2021-27391?

Which versions are affected by CVE-2021-27391?

What are the implications of CVE-2021-27391?

Is there a patch available for CVE-2021-27391?