PT-2025-20863 · Unknown · Apogee Pxc+Talon Tc Series

Published: 2025-05-13 · Updated: 2025-05-15 · CVE-2025-40555

CVSS v3.1: 4.7 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions: APOGEE PXC+TALON TC Series (BACnet) (All versions)
Description: A vulnerability has been identified that could allow an attacker residing in the same BACnet network to send a specially crafted message, resulting in a partial denial of service condition of the targeted device. This occurs after the device processes a specific BACnet createObject request, causing it to send unsolicited BACnet broadcast messages. The issue could potentially reduce the availability of the BACnet network. A power cycle is required to restore the device's normal operation.
Recommendations: For APOGEE PXC+TALON TC Series (BACnet), consider restricting access to the BACnet network to minimize the risk of exploitation until a fix is available. As a temporary workaround, power cycling the device can restore its normal operation after a denial of service condition occurs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
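
Added example, not part of the original advisory or any vendor material: a passive monitor for the sequence described above, a createObject request sent to a device followed by a burst of broadcasts from that same device. It assumes BACnet/IP framing (the advisory does not name the data link); the burst threshold, the addresses and the header-only sample frames are constructed for illustration.

```python
# Added example; assumes BACnet/IP framing (BVLC + NPDU + APDU in a UDP payload).
from collections import defaultdict, deque

ORIGINAL_BROADCAST = 0x0B             # BVLC function Original-Broadcast-NPDU
CREATE_OBJECT = 10                    # confirmed service choice: createObject
BURST_COUNT, BURST_WINDOW = 5, 1.0    # assumed threshold: 5 broadcasts in 1 s

def parse(payload):
    """Return (bvlc_function, confirmed_service_choice or None)."""
    if len(payload) < 6 or payload[0] != 0x81:
        return None, None
    func = payload[1]
    i = 10 if func == 0x04 else 4     # Forwarded-NPDU adds a 6-byte origin address
    try:
        if payload[i] != 0x01:        # NPDU protocol version
            return func, None
        control, i = payload[i + 1], i + 2
        for bit in (0x20, 0x08):      # DNET then SNET: net(2) + len(1) + addr(len)
            if control & bit:
                i += 3 + payload[i + 2]
        i += 1 if control & 0x20 else 0   # hop count follows when DNET is present
        apdu = payload[i:]
        if control & 0x80 or apdu[0] >> 4 != 0:   # network message / not Confirmed-Request
            return func, None
        return func, apdu[5 if apdu[0] & 0x08 else 3]  # segmented header is 2 bytes longer
    except IndexError:
        return func, None

def detect(events):
    """events: (timestamp, src, dst, payload) tuples; returns [(timestamp, device)]."""
    targeted, recent, alerts = set(), defaultdict(deque), []
    for ts, src, dst, payload in events:
        func, service = parse(payload)
        if service == CREATE_OBJECT:
            targeted.add(dst)         # device that was sent a createObject request
        if func == ORIGINAL_BROADCAST and src in targeted:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > BURST_WINDOW:
                q.popleft()
            if len(q) >= BURST_COUNT:
                alerts.append((ts, src))
                q.clear()             # start a fresh window after alerting
    return alerts

CREATE = bytes.fromhex("810a000a01040005010a")  # constructed: unicast request header, service 10
BCAST = bytes.fromhex("810b000801001008")       # constructed: broadcast Unconfirmed-Request
SAMPLE = [(0.0, "192.0.2.50", "192.0.2.20", CREATE)] + [
    (1.0 + 0.1 * n, "192.0.2.20", "192.0.2.255", BCAST) for n in range(6)]
print(detect(SAMPLE))
```

An alert names the device that may need the power cycle the advisory describes, and the source of the preceding createObject request is the place to start when tightening access to the BACnet network.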

DoS

Weakness Enumeration

Related Identifiers: CVE-2025-40555

Affected Products: Apogee Pxc+Talon Tc Series