Описание
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
- Broken LinkVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB Entry
- Vendor Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.5 (исключая)
Одновременно
cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*
Конфигурация 2Версия до 3.5 (исключая)
Одновременно
cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*
Конфигурация 3Версия до 3.5 (исключая)
Одновременно
cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*
Конфигурация 4Версия до 3.5 (исключая)
Одновременно
cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00749
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287
CWE-287
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.
EPSS
Процентиль: 73%
0.00749
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-287
CWE-287