CVE-2022-45937

Published: Dec 13, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Affected (9)

Products: Siemens: Pxc00 E96.a Firmware, Pxc100 E96.a Firmware, Pxx 485.3 Firmware, Pxc16.2 Pe.a Firmware, Pxc24.2 Pe.a Firmware, Pxc24.2 Pef.a Firmware, Pxc24.2 Per.a Firmware, Pxc24.2 Perf.a Firmware, Talon Tc Modular (bacnet) Firmware

Siemens

9 products

Pxc00 E96.a Firmware

Pxc100 E96.a Firmware

Pxx 485.3 Firmware

Pxc16.2 Pe.a Firmware

Pxc24.2 Pe.a Firmware

Pxc24.2 Pef.a Firmware

Pxc24.2 Per.a Firmware

Pxc24.2 Perf.a Firmware

Talon Tc Modular (bacnet) Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxc00 E96.a Firmware	Before 3.5.5

Running on/with	Platform Versions
Siemens Pxc00 E96.a	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxc100 E96.a Firmware	Before 3.5.5

Running on/with	Platform Versions
Siemens Pxc100 E96.a	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxx 485.3 Firmware	Before 3.5.5

Running on/with	Platform Versions
Siemens Pxx 485.3	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxc16.2 Pe.a Firmware	Before 2.8.20

Running on/with	Platform Versions
Siemens Pxc16.2 Pe.a	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxc24.2 Pe.a Firmware	Before 2.8.20

Running on/with	Platform Versions
Siemens Pxc24.2 Pe.a	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxc24.2 Pef.a Firmware	Before 2.8.20

Running on/with	Platform Versions
Siemens Pxc24.2 Pef.a	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxc24.2 Per.a Firmware	Before 2.8.20

Running on/with	Platform Versions
Siemens Pxc24.2 Per.a	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Pxc24.2 Perf.a Firmware	Before 2.8.20

Running on/with	Platform Versions
Siemens Pxc24.2 Perf.a	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Talon Tc Modular (bacnet) Firmware	Before 3.5.5

Running on/with	Platform Versions
Siemens Talon Tc Modular (bacnet)	All versions

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.