CVE-2022-45937

Summary

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Affected Software

VendorProductVersion RangeStatus
SiemensAPOGEE PXC Compact (BACnet)All versions < V3.5.5affected
SiemensAPOGEE PXC Compact (P2 Ethernet)All versions < V2.8.20affected
SiemensAPOGEE PXC Modular (BACnet)All versions < V3.5.5affected
SiemensAPOGEE PXC Modular (P2 Ethernet)All versions < V2.8.20affected
SiemensTALON TC Compact (BACnet)All versions < V3.5.5affected
SiemensTALON TC Modular (BACnet)All versions < V3.5.5affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References