CVE-2020-15795 : What You Need to Know

A vulnerability has been identified in Siemens products, affecting various versions and potentially allowing code execution or denial-of-service attacks.

Understanding CVE-2020-15795

What is CVE-2020-15795?

The vulnerability in Siemens products could lead to code execution or denial-of-service attacks due to improper validation of DNS domain name labels in DNS responses.

The Impact of CVE-2020-15795

The vulnerability could be exploited by an attacker with network privileges to execute code within the current process or cause a denial-of-service condition.

Technical Details of CVE-2020-15795

Vulnerability Description

The issue arises from the parsing of malformed DNS responses, potentially resulting in a write past the end of an allocated structure.

Affected Systems and Versions

APOGEE PXC Compact (BACnet): All versions < V3.5.5
APOGEE PXC Compact (P2 Ethernet): All versions < V2.8.20
APOGEE PXC Modular (BACnet): All versions < V3.5.5
APOGEE PXC Modular (P2 Ethernet): All versions < V2.8.20
Nucleus NET: All versions < V5.2
Nucleus Source Code: Versions including affected DNS modules
TALON TC Compact (BACnet): All versions < V3.5.5
TALON TC Modular (BACnet): All versions < V3.5.5

Exploitation Mechanism

The vulnerability can be exploited by leveraging the parsing of malformed DNS responses to execute code or trigger denial-of-service attacks.

Mitigation and Prevention

Immediate Steps to Take

Apply patches provided by Siemens to address the vulnerability.
Implement network segmentation to limit the impact of potential attacks.
Monitor network traffic for any suspicious activities.

Long-Term Security Practices

Regularly update and patch all software and firmware in the affected products.
Conduct security assessments and penetration testing to identify and address vulnerabilities.

Patching and Updates

Ensure that all affected Siemens products are updated to versions that contain fixes for the DNS domain name label parsing vulnerability.