CVE-2017-9947 — Insertion of Sensitive Information into Externally-Accessible File or Directory in Siemens Apogee PXC Firmware

CWE-538 — Insertion of Sensitive Information into Externally-Accessible File or Directory CWE-22 — Path Traversal3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

10.0%

top 6.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Apogee PXC Firmware Siemens Apogee PXC Modular Firmware Siemens Talon TC Compact Firmware +1 more

Timeline

PublishedOct 23

Latest updateMay 13

Description

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDsiemens/apogee_pxc_firmware< 3.5

▶NVDsiemens/talon_tc_compact_firmware< 3.5

▶NVDsiemens/talon_tc_modular_firmware< 3.5

▶NVDsiemens/apogee_pxc_modular_firmware< 3.5

🔴Vulnerability Details

GHSA

GHSA-m28r-jg2j-26cv: A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3↗2022-05-13

▶

CVEList

CVE-2017-9947: A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3↗2017-10-23

▶