Authentication Bypass in Siemens APOGEE PXC and TALON TC BACnet Controllers
CVE-2017-9946

7.5HIGH

Key Information:

Vendor: Siemens
Status: Apogee Pxc And Talon Tc Bacnet Automation Controllers All Versions <v3.5
Vendor: CVE Published:; 23 October 2017

What is CVE-2017-9946?

A security vulnerability exists in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers that allows an attacker with network access to the integrated web server to bypass authentication measures. By exploiting this flaw, unauthorized users can gain access to sensitive information stored on the device, which may lead to exposure of critical data and potentially compromise the overall system integrity. Affected versions include all prior to version 3.5. Organizations utilizing these devices should prioritize implementing appropriate security measures to mitigate potential risks.

Affected Version(s)

APOGEE PXC and TALON TC BACnet Automation Controllers All <V3.5 APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5

References

http://www.securityfocus.com/bid/101248

vdb-entry

https://www.siemens.com/cert/pool/cert/siemens_security_a...

https://cert-portal.siemens.com/productcert/pdf/ssa-14807...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2017
Vulnerability Reserved
Jun 26, 2017