CVE-2022-45937

moderate-risk
Published 2022-12-13

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Do I need to act?

-
0.32% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (9)

Pxc00-E96.A Firmware
Pxc100-E96.A Firmware
Pxx-485.3 Firmware
Pxc16.2-Pe.A Firmware
Pxc24.2-Pe.A Firmware
Pxc24.2-Pef.A Firmware
Pxc24.2-Per.A Firmware
Pxc24.2-Perf.A Firmware
Talon Tc Modular \(Bacnet\) Firmware

Affected Vendors

Siemens

References (2)

Patch https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf
Patch https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf
46
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 15/34 · Moderate