CVE-2024-54089

Name of the Vulnerable Software and Affected Versions: APOGEE PXC Series (BACnet) (All versions) APOGEE PXC Series (P2 Ethernet) (All versions) TALON TC Series (BACnet) (All versions)

Description: A vulnerability has been identified in the affected devices, which contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext.

Recommendations: For APOGEE PXC Series (BACnet) (All versions), consider disabling the use of the hard-coded encryption key until a patch is available. For APOGEE PXC Series (P2 Ethernet) (All versions), restrict access to sensitive data to minimize the risk of exploitation. For TALON TC Series (BACnet) (All versions), avoid using the weak encryption mechanism until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.