Denial of Service Vulnerability in APOGEE PXC+TALON TC Series (BACnet)
CVE-2025-40555

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Apogee Pxc+talon Tc Series (bacnet)
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-40555?

A vulnerability has been identified in the APOGEE PXC+TALON TC Series (BACnet) devices that allows for the sending of unsolicited BACnet broadcast messages after processing a certain BACnet createObject request. This flaw could enable an attacker within the same BACnet network to transmit a specially crafted message, potentially leading to a partial denial of service condition. The affected device may suffer from reduced availability, and users may need to perform a power cycle to restore standard operation.

Affected Version(s)

APOGEE PXC+TALON TC Series (BACnet) 0

References

https://cert-portal.siemens.com/productcert/html/ssa-7183...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 16, 2025

Siemens

What is CVE-2025-40555?

Affected Version(s)

References

CVSS V4

Timeline