20 matches found
PT-2022-27694 · Unknown · Talon Tc Compact +3
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 TALON TC Compact BACnet...
CVE-2022-38371
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...
CVE-2021-31883
CVE-2021-31883 affects Siemens APOGEE MBC / TALON products (Nucleus RTOS) including APOGEE MBC (PPC/BACnet), APOGEE MEC, APOGEE PXC Compact/Modular, Desigo PXC variants, and Capital VSTAR with Ethernet options. Root cause: DHCP client processing fails to validate the length of Vendor option(s) in...
CVE-2021-31882
CVE-2021-31882 affects Siemens APOGEE MBC/TALON/Nucleus products (e.g., Capital Embedded AR Classic 431-422 family and AR Classic R20-11, affected “All versions” in some entries). The root cause is that the DHCP client does not validate the length of the Domain Name Server IP option (0x06) when p...
PT-2021-19564 · Unknown · Nucleus Readystart V3 +9
Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions prior to V2303 Capital Embedded AR Classic R20-11 versions prior to V2303 APOGEE MBC PPC BACnet all versions APOGEE MBC PPC P2 Ethernet all versions APOGEE MEC PPC BACnet all versions APOGEE MEC PP...
CVE-2021-27391
A vulnerability has been identified in APOGEE MBC PPC P2 Ethernet All versions = V2.6.3, APOGEE MEC PPC P2 Ethernet All versions = V2.6.3, APOGEE PXC Compact BACnet All versions = V2.8, APOGEE PXC Modular BACnet All versions = V2.8, TALON TC Compact BACnet All versions V3.5.3, TALON TC Modular...
CVE-2021-27391
Summary: CVE-2021-27391 affects Siemens APOGEE and TALON devices. The vulnerability is a buffer overflow in the web server caused by improper bounds checking when parsing the Host header in HTTP requests. The issue affects multiple products/versions: APOGEE MBC (PPC) and APOGEE MEC (PPC) with ver...
CVE-2021-25677
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions = V0.5.0.0 V1.0.0.0, TALON TC Compact BACnet All versions V3.5.5, TALON TC Modular BACnet All versions V3.5.5. The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the D...
CVE-2020-27009
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...
CVE-2020-15795
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus Source Code Version...
CVE-2021-25677
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions = V0.5.0.0 V1.0.0.0, TALON TC Compact BACnet All versions V3.5.5, TALON TC Modular BACnet All versions V3.5.5. The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the D...
CVE-2021-25677
CVE-2021-25677 concerns DNS transaction ID randomness in Siemens DNS clients across multiple products (APOGEE PXC BACnet/P2 Ethernet, Nucleus NET/ReadyStart, SIMOTICS CONNECT 400, TALON TC). Root cause: DNS client does not properly randomize transaction IDs, enabling potential DNS cache poisoning...
PT-2021-2645 · Unknown · Apogee Pxc Compact +5
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET versions prior...
PT-2021-2646 · Siemens +1 · Simotics Connect 400 +8
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...
PT-2021-2648 · Siemens +1 · Simotics Connect 400 +7
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET affected...
CVE-2020-28388
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...
Buffer overflow
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...
CVE-2020-28388
A vulnerability has been identified in APOGEE PXC Compact BACnet All versions V3.5.5, APOGEE PXC Compact P2 Ethernet All versions V2.8.20, APOGEE PXC Modular BACnet All versions V3.5.5, APOGEE PXC Modular P2 Ethernet All versions V2.8.20, Nucleus NET All versions V5.2, Nucleus ReadyStart V3 All...
PT-2021-7763 · Unknown · Nucleus Net +7
Name of the Vulnerable Software and Affected Versions: APOGEE PXC Compact BACnet versions prior to V3.5.5 APOGEE PXC Compact P2 Ethernet versions prior to V2.8.20 APOGEE PXC Modular BACnet versions prior to V3.5.5 APOGEE PXC Modular P2 Ethernet versions prior to V2.8.20 Nucleus NET versions prior...
Siemens BACnet Field Panels (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: BACnet Field Panels Vulnerabilities: Authentication Bypass Using an Alternate Path or Channel, Path Traversal 2. UPDATE INFORMATION This updated advisory is a follow-up to the...