Siemens Desigo PXC and DXR Devices Improper Restriction of Excessive Authentication Attempts (CVE-2022-24044)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

Siemens Desigo PXC and DXR Devices Observable Discrepancy (CVE-2022-24043)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application fails to normalize the response times o...

Siemens Desigo PXC and DXR Devices Uncaught Exception (CVE-2021-41545)

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. When the controller receives a specific BACnet protocol packet, an exception cause...

CVE-2022-41479

The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...

The vulnerabilities of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 station modules allow a intruder to cause service failures.

The vulnerability of the microprogramming software for the Desigo DXR2, PXC3, PXC4, and PXC5 stations is related to an exception handling error. Exploiting this vulnerability could allow a perpetrator to cause service failures by installing a key derived from PBKDF2...

Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37376)

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

Siemens Desigo PXC and DXR Devices

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: PXC and DXR Devices Vulnerabilities: Special Element Injection, Uncontrolled Resource Consumption, Use of Password Hash with Insufficient Computational Effort, Insufficient Session...

Siemens Desigo PXC and DXR Devices have unspecified vulnerabilities

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-36376)

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37374)

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

Unspecified Vulnerability in Siemens Desigo PXC and DXR Devices (CNVD-2022-37375)

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

Siemens Desigo PXC and DXR Devices Remote Code Execution Vulnerability

The Desigo PXC4 building automation controller is designed for HVAC system control. It is a compact device with built-in IOs that can be expanded to meet your needs with additional TX-IO modules.The Desigo PXC5 is a freely programmable controller for BACnet system-level functions such as alarm...

Siemens Desigo PXC and DXR Devices Uncontrolled Resource Consumption Vulnerability

Desigo DXR2 controllers are programmable automation stations to support the standard control needs of end HVAC equipment and TRA Total Room Automation applications. the Desigo PXC3 series of automation stations can be used in buildings where functionality and flexibility are more demanding. Use...

PT-2022-3425 · Siemens · Desigo Pxc4 +3

Name of the Vulnerable Software and Affected Versions: Desigo DXR2 versions prior to V01.21.142.5-22 Desigo PXC3 versions prior to V01.21.142.4-18 Desigo PXC4 versions prior to V02.20.142.10-10884 Desigo PXC5 versions prior to V02.20.142.10-10884 Description: A vulnerability has been identified i...