PT-2017-19308 · Siemens · Siemens Apogee Pxc+1

Published

2017-10-23

Updated

2023-05-09

CVE-2017-9947

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Siemens APOGEE PXC and TALON TC BACnet Automation Controllers versions prior to V3.5

Description A directory traversal issue could allow a remote attacker with network access to the integrated web server to obtain information on the structure of the file system of the affected devices. The attacker would need access to the network and the integrated web server on ports 80/tcp and 443/tcp.

Recommendations For versions prior to V3.5, update to version V3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the integrated web server on ports 80/tcp and 443/tcp to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-538CWE-22

Related Identifiers

CVE-2017-9947

Affected Products

Siemens Apogee Pxc

Siemens Talon Tc Bacnet Automation Controllers

PT-2017-19308 · Siemens · Siemens Apogee Pxc+1

CVE-2017-9947

Weakness Enumeration

Related Identifiers

Affected Products

References · 7