PT-2022-27694 · Unknown · Apogee Pxc Compact+3
Published 2022-12-13 · Updated 2023-08-08 · CVE-2022-45937
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
APOGEE PXC Compact (BACnet) versions prior to V3.5.5
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20
APOGEE PXC Modular (BACnet) versions prior to V3.5.5
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20
TALON TC Compact (BACnet) versions prior to V3.5.5
TALON TC Modular (BACnet) versions prior to V3.5.5
Description
A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.
Recommendations
For APOGEE PXC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later.
For APOGEE PXC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later.
For TALON TC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For TALON TC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Apogee Pxc Compact
Apogee Pxc Modular
Talon Tc Compact
Talon Tc Modular