CVE-2022-45937 — Improper Access Control in Siemens Talon TC Modular Firmware

CWE-284 — Improper Access Control3 documents3 sources

Severity

6.5MEDIUMNVD

CNA8.8

EPSS

0.3%

top 44.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Pxc00-e96.a Firmware Siemens Pxc100-e96.a Firmware Siemens Pxc16.2-pe.a Firmware +10 more

Timeline

PublishedDec 13

Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the d…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages13 packages

▶CVEListV5siemens/apogee_pxc_compactAll versions < V2.8.20, All versions < V3.5.5+1

▶CVEListV5siemens/apogee_pxc_modularAll versions < V2.8.20, All versions < V3.5.5+1

▶NVDsiemens/talon_tc_modular_firmware< 3.5.5

▶CVEListV5siemens/talon_tc_compactAll versions < V3.5.5

▶CVEListV5siemens/talon_tc_modularAll versions < V3.5.5

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

CVEList

CVE-2022-45937: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3↗2022-12-13

▶

GHSA

GHSA-p69w-f9ww-g922: A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3↗2022-12-13

▶