CVE-2017-9946
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD
Description
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.
Affected (4)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Apogee Pxc | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Apogee Pxc Modular | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Talon Tc Compact | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 3.5 |
| Running on/with | Platform Versions |
|---|---|
Siemens Talon Tc Modular | All versions |
References (9)
Source: productcert@siemens.com
ExploitThird Party AdvisoryVDB Entry
Source: productcert@siemens.com
Broken LinkThird Party AdvisoryVDB Entry
Source: productcert@siemens.com
Vendor Advisory
Source: productcert@siemens.com
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Timeline
No history available yet.