CVE-2021-27391

CRITICAL

APOGEE MBC/MEC/PXC/TALON TC - Info Disclosure

Title source: llm

Description

A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE MEC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOGEE PXC Compact (BACnet) (All versions < V3.5.3), APOGEE PXC Compact (P2 Ethernet) (All versions >= V2.8), APOGEE PXC Modular (BACnet) (All versions < V3.5.3), APOGEE PXC Modular (P2 Ethernet) (All versions >= V2.8), TALON TC Compact (BACnet) (All versions < V3.5.3), TALON TC Modular (BACnet) (All versions < V3.5.3). The web server of affected devices lacks proper bounds checking when parsing the Host parameter in HTTP requests, which could lead to a buffer overflow. An unauthenticated remote attacker could exploit this vulnerability to execute arbitrary code on the device with root privileges.

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf

Scores

CVSS v3 9.8

EPSS 0.0286

EPSS Percentile 86.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-120

Status published

Products (8)

siemens/apogee_mbc_\(ppc\)_\(p2_ethernet\)_firmware < 2.6.3

siemens/apogee_mec_\(ppc\)_\(p2_ethernet\)_firmware < 2.6.3

siemens/apogee_pxc_bacnet_automation_controller_firmware < 3.5.3

siemens/apogee_pxc_compact_\(p2_ethernet\)_firmware < 2.8

siemens/apogee_pxc_modular_\(bacnet\)_firmware < 3.5.3

siemens/apogee_pxc_modular_\(p2_ethernet\)_firmware < 2.8

siemens/talon_tc_compact_\(bacnet\)_firmware < 3.5.3

siemens/talon_tc_modular_\(bacnet\)_firmware < 3.5.3

Published Sep 14, 2021

Tracked Since Feb 18, 2026