Out-of-Bounds Read in APOGEE PXC and TALON TC Series by Siemens
CVE-2024-54090

6MEDIUM

Key Information:

Vendor: Siemens
Status: Apogee Pxc Series (bacnet); Apogee Pxc Series (p2 Ethernet); Talon Tc Series (bacnet)
Vendor: CVE Published:; 11 February 2025

Summary

A vulnerability has been discovered in various Siemens devices including the APOGEE PXC and TALON TC Series. The issue lies in an out-of-bounds read within the memory dump function. Attackers with sufficient privileges can exploit this flaw, leading to the device entering an insecure cold start state. This can potentially compromise the integrity of the system and expose critical functionalities under threat.

Affected Version(s)

APOGEE PXC Series (BACnet) 0

APOGEE PXC Series (P2 Ethernet) 0

TALON TC Series (BACnet) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-6151...

CVSS V4

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Nov 28, 2024