Buffer overflow in Siemens Apogee Mbc (Ppc) (P2 Ethernet)

CVE-2021-27391

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet)…

Vulnerability class: Buffer Overflow

EPSS: 0.029 (86.5th percentile) — read the EPSS interpretation.

Affected products

Siemens Apogee Mbc (Ppc) (P2 Ethernet) — versions All versions >= V2.6.3
Siemens Apogee Mec (Ppc) (P2 Ethernet) — versions All versions >= V2.6.3
Siemens Apogee Pxc Compact (Bacnet) — versions All versions < V3.5.3
Siemens Apogee Pxc Compact (P2 Ethernet) — versions All versions >= V2.8
Siemens Apogee Pxc Modular (Bacnet) — versions All versions < V3.5.3
Siemens Apogee Pxc Modular (P2 Ethernet) — versions All versions >= V2.8
Siemens Talon Tc Compact (Bacnet) — versions All versions < V3.5.3
Siemens Talon Tc Modular (Bacnet) — versions All versions < V3.5.3

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

References

cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf (x_refsource_MISC)