CVE-2024-54089

Summary

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext.

Affected Software

VendorProductVersion RangeStatus
SiemensAPOGEE PXC Series (BACnet)0 < *affected
SiemensAPOGEE PXC Series (P2 Ethernet)0 < *affected
SiemensTALON TC Series (BACnet)0 < *affected

Weaknesses

  • CWE-326: CWE-326: Inadequate Encryption Strength

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References