CVE-2025-40757
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Siemens | APOGEE PXC Series (BACnet) | 0 < * | affected |
| Siemens | APOGEE PXC Series (P2 Ethernet) | 0 < * | affected |
| Siemens | TALON TC Series (BACnet) | 0 < * | affected |
Weaknesses
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.