CVE-2022-45937
published 2022-12-13CVE-2022-45937: A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | apogee_pxc_compact | — | — |
| siemens | apogee_pxc_compact | — | — |
| siemens | apogee_pxc_modular | — | — |
| siemens | apogee_pxc_modular | — | — |
| siemens | pxc00-e96.a_firmware | < 3.5.5 | 3.5.5 |
| siemens | pxc100-e96.a_firmware | < 3.5.5 | 3.5.5 |
| siemens | pxc16.2-pe.a_firmware | < 2.8.20 | 2.8.20 |
| siemens | pxc24.2-pe.a_firmware | < 2.8.20 | 2.8.20 |
| siemens | pxc24.2-pef.a_firmware | < 2.8.20 | 2.8.20 |
| siemens | pxc24.2-per.a_firmware | < 2.8.20 | 2.8.20 |
| siemens | pxc24.2-perf.a_firmware | < 2.8.20 | 2.8.20 |
| siemens | pxx-485.3_firmware | < 3.5.5 | 3.5.5 |
| siemens | talon_tc_compact | — | — |
| siemens | talon_tc_modular | — | — |
| siemens | talon_tc_modular_firmware | < 3.5.5 | 3.5.5 |