History: Dec 13, 2022 - 4:15 p.m.

CVE-2022-45937

2022-12-13 16:15:24
CWE-284
web.nvd.nist.gov
cve-2022-45937
vulnerability
apogee
talon
pxc compact
pxc modular
talon tc
bacnet
p2 ethernet
web server
information disclosure
credentials

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

AI Score: 6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 23.0%)

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Affected configurations

NVD

Node: siemens pxc00-e96.a (Match: -) AND siemens pxc00-e96.a_firmware (Range: <3.5.5)
Node: siemens pxc100-e96.a (Match: -) AND siemens pxc100-e96.a_firmware (Range: <3.5.5)
Node: siemens pxx-485.3 (Match: -) AND siemens pxx-485.3_firmware (Range: <3.5.5)
Node: siemens pxc16.2-pe.a (Match: -) AND siemens pxc16.2-pe.a_firmware (Range: <2.8.20)
Node: siemens pxc24.2-pe.a (Match: -) AND siemens pxc24.2-pe.a_firmware (Range: <2.8.20)
Node: siemens pxc24.2-pef.a (Match: -) AND siemens pxc24.2-pef.a_firmware (Range: <2.8.20)
Node: siemens pxc24.2-per.a (Match: -) AND siemens pxc24.2-per.a_firmware (Range: <2.8.20)
Node: siemens pxc24.2-perf.a (Match: -) AND siemens pxc24.2-perf.a_firmware (Range: <2.8.20)
Node: siemens talon_tc_modular_\(bacnet\)_firmware (Range: <3.5.5) AND siemens talon_tc_modular_\(bacnet\) (Match: -)

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Compact (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "APOGEE PXC Modular (P2 Ethernet)",
    "versions": [
      {
        "version": "All versions < V2.8.20",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Compact (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "vendor": "Siemens",
    "product": "TALON TC Modular (BACnet)",
    "versions": [
      {
        "version": "All versions < V3.5.5",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]
