Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37375)

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA (Total Room Automation) applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use Desigo room automation when multiple disciplines (HVAC, lighting, shading) are combined to form a single solution, and when a high degree of flexibility is required.The Desigo PXC4 building automation controller is designed for HVAC system control. It is a compact device with built-in IOs that can be expanded to meet your needs with additional TX-IO modules.The Desigo PXC5 is a freely programmable controller for BACnet system-level functions such as alarm routing, system-wide scheduling and trending, and equipment monitoring.Siemens Desigo PXC and DXR Devices have security vulnerability that could be exploited by an attacker to obtain a list of valid user names on the device and then perform an exact password or credential stuffing attack to gain access to at least one account.