25 matches found
CVE-2018-4834
A vulnerability has been identified in Desigo PXC00-E.D V4.10 All versions V4.10.111, Desigo PXC00-E.D V5.00 All versions V5.0.171, Desigo PXC00-E.D V5.10 All versions V5.10.69, Desigo PXC00-E.D V6.00 All versions V6.0.204, Desigo PXC00/64/128-U V4.10 All versions V4.10.111 only with web module,...
Siemens Desigo PXC Improper Authentication (CVE-2018-4834)
A remote attacker with network access to the device could potentially upload a new firmware image to the devices without prior authentication. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
Siemens Desigo PXC and DXR Devices Observable Discrepancy (CVE-2022-24043)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application fails to normalize the response times o...
PT-2022-24394 · Mentor Graphics +1 · Nucleus Net For Nucleus Plus V1 +17
Name of the Vulnerable Software and Affected Versions: APOGEE MBC PPC BACnet versions All APOGEE MBC PPC P2 Ethernet versions All APOGEE MEC PPC BACnet versions All APOGEE MEC PPC P2 Ethernet versions All APOGEE PXC Compact BACnet versions prior to V3.5.7 APOGEE PXC Compact P2 Ethernet versions...
The vulnerability of the AddCell function in the web server of the microprogramming software for building automation modules Desigo PXC4 and PXC5 allows a hacker to execute arbitrary code by injecting specially crafted XML into the XLS report file.
The vulnerability of the AddCell function in the web server of the microprogramming software for building automation modules, Desigo PXC4 and PXC5, is related to errors during the elimination of special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...
Siemens Desigo PXC and DXR Devices
1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PXC and DXR Devices Vulnerabilities: Special Element Injection, Uncontrolled Resource Consumption, Use of Password Hash with Insufficient Computational Effort, Insufficient Session...
Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37376)
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37374)
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
Siemens Desigo PXC and DXR Devices have unspecified vulnerabilities
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-36376)
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37375)
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
CVE-2022-24039
A vulnerability has been identified in Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The “addCell” JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such...
CVE-2022-24042
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application returns an AuthToken that does not expire at the defined auto...
多款Siemens产品安全漏洞
Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...
PT-2022-2567 · Siemens · Desigo Pxc4 +1
Name of the Vulnerable Software and Affected Versions: Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: A vulnerability has been identified in the addCell JavaScript function, which fails to properly sanitize user-controllable input...
PT-2022-3425 · Siemens · Desigo Pxc4 +3
Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22 Desigo PXC3 versions prior to V01.21.142.4-18 Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: A vulnerability has been identified i...
CVE-2021-31888
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...
Design/Logic Flaw
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...
CVE-2021-31344
CVE-2021-31344 affects Siemens/Nucleus-based devices such as Capital Embedded AR Classic, PLUSCONTROL 1st Gen, and SIMOTICS CONNECT 400 (all versions with certain UDP/ICMP handling). The vulnerability is triggered by ICMP echo packets with fake IP options, enabling ICMP echo replies to arbitrary ...
Siemens Desigo PXC Detection (BACNET)
Detection of Siemens Desigo PXC Tries to detect Siemens Desigo PXC over the BACnet protocol. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...