CVE-2022-45937

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:siemens:pxc00-e96.a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxc00-e96.a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:siemens:pxc100-e96.a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxc100-e96.a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:siemens:pxx-485.3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxx-485.3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:siemens:pxc16.2-pe.a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxc16.2-pe.a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:siemens:pxc24.2-pe.a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxc24.2-pe.a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:siemens:pxc24.2-pef.a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxc24.2-pef.a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:pxc24.2-per.a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxc24.2-per.a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:pxc24.2-perf.a_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:pxc24.2-perf.a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:talon_tc_modular_\(bacnet\)_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:talon_tc_modular_\(bacnet\):-:*:*:*:*:*:*:*

History

08 Aug 2023, 10:15

Type	Values Removed	Values Added
Summary	A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.	A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Information

Published : 2022-12-13 16:15

Updated : 2024-02-28 19:51

NVD link : CVE-2022-45937

Mitre link : CVE-2022-45937

CVE.ORG link : CVE-2022-45937

JSON object : View

Products Affected

siemens

pxc24.2-per.a
pxc24.2-pef.a_firmware
talon_tc_modular_\(bacnet\)_firmware
pxc24.2-perf.a_firmware
pxc16.2-pe.a_firmware
pxc24.2-per.a_firmware
pxc24.2-pe.a_firmware
talon_tc_modular_\(bacnet\)
pxc00-e96.a_firmware
pxc100-e96.a_firmware
pxc00-e96.a
pxx-485.3
pxc24.2-perf.a
pxc16.2-pe.a
pxx-485.3_firmware
pxc100-e96.a
pxc24.2-pef.a
pxc24.2-pe.a

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

6.5 /10