CVE-2025-40757

Summary

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords.

Affected Software

VendorProductVersion RangeStatus
SiemensAPOGEE PXC Series (BACnet)0 < *affected
SiemensAPOGEE PXC Series (P2 Ethernet)0 < *affected
SiemensTALON TC Series (BACnet)0 < *affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References