PT-2017-19308 · Siemens · Siemens Apogee Pxc+1

Publicado

2017-10-23

Atualizado

2023-05-09

CVE-2017-9947

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Siemens APOGEE PXC and TALON TC BACnet Automation Controllers versions prior to V3.5

Description A directory traversal issue could allow a remote attacker with network access to the integrated web server to obtain information on the structure of the file system of the affected devices. The attacker would need access to the network and the integrated web server on ports 80/tcp and 443/tcp.

Recommendations For versions prior to V3.5, update to version V3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the integrated web server on ports 80/tcp and 443/tcp to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-538CWE-22

Identificadores relacionados

CVE-2017-9947

Produtos afetados

Siemens Apogee Pxc

Siemens Talon Tc Bacnet Automation Controllers

PT-2017-19308 · Siemens · Siemens Apogee Pxc+1

CVE-2017-9947

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7