PT-2017-19307 · Siemens · Siemens Apogee Pxc+1
Published
2017-10-23
·
Updated
2023-05-09
·
CVE-2017-9946
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Siemens APOGEE PXC and TALON TC BACnet Automation Controllers versions prior to V3.5
Description
A vulnerability has been identified that allows an attacker with network access to the integrated web server to bypass authentication and download sensitive information from the device. The attacker can access the web server through ports 80/tcp and 443/tcp.
Recommendations
For versions prior to V3.5, update to version V3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the integrated web server on ports 80/tcp and 443/tcp to minimize the risk of exploitation.
Exploit
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Siemens Apogee Pxc
Siemens Talon Tc Bacnet Automation Controllers