Vulnerabilities related to siemens - apogee_pxc_firmware
cve-2017-9947
Vulnerability from cvelistv5
Published
2017-10-23 00:00
Modified
2024-08-05 17:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5 | APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101248", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101248" }, { "tags": [ "x_transferred" ], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5", "vendor": "n/a", "versions": [ { "status": "affected", "version": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5" } ] } ], "datePublic": "2017-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-538", "description": "CWE-538: File and Directory Information Exposure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-28T00:00:00", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "name": "101248", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/101248" }, { "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2017-9947", "datePublished": "2017-10-23T00:00:00", "dateReserved": "2017-06-26T00:00:00", "dateUpdated": "2024-08-05T17:25:00.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13939
Vulnerability from cvelistv5
Published
2020-01-16 15:35
Modified
2024-08-05 00:05
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
References
Impacted products
Vendor | Product | Version
---|---|---
Siemens | Capital Embedded AR Classic 431-422 | 0 < *
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:43.738Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-434032.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-162506.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Capital Embedded AR Classic 431-422", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Capital Embedded AR Classic R20-11", "vendor": "Siemens", "versions": [ { "lessThan": "V2303", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Nucleus NET", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "Nucleus ReadyStart V3", "vendor": "Siemens", "versions": [ { "lessThan": "V2017.02.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Nucleus Source Code", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All 
versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-13T08:59:33.850Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-434032.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-162506.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13939", "datePublished": "2020-01-16T15:35:24", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:43.738Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9946
Vulnerability from cvelistv5
Published
2017-10-23 00:00
Modified
2024-08-05 17:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.
References
Impacted products
Vendor | Product | Version
---|---|---
n/a | APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5 | APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:25:00.381Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101248", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101248" }, { "tags": [ "x_transferred" ], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5", "vendor": "n/a", "versions": [ { "status": "affected", "version": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5" } ] } ], "datePublic": "2017-10-23T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-10-28T00:00:00", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "name": "101248", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/101248" }, { "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2017-9946", "datePublished": "2017-10-23T00:00:00", "dateReserved": "2017-06-26T00:00:00", "dateUpdated": "2024-08-05T17:25:00.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2020-01-16 16:15
Modified
2024-11-21 04:25
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
7.1 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A987CFB-4A41-4F82-8C7F-31DE8F0650DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE16530A-D354-43A0-A2C7-DB312646C69C", "versionEndExcluding": "2017.02.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:nucleus_safetycert:*:*:*:*:*:*:*:*", "matchCriteriaId": "7ED0DBA9-FFB1-407C-8429-BCD24DCB33FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*", "matchCriteriaId": "07DAF9C3-B56A-4F40-B90B-D0DE96869A44", "vulnerable": true }, { "criteria": "cpe:2.3:o:siemens:nucleus_rtos:*:*:*:*:*:*:*:*", "matchCriteriaId": "485540AD-9966-49B0-AC24-BEFE81C4D4E3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8240E52-8D3B-40AF-944F-5AD993279B07", "versionEndExcluding": "2.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "7945BF7D-AB3A-4285-9C58-D56149ADFC15", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "217F3116-5F09-4D60-BD65-8960401434AF", "versionEndExcluding": "2.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5F978E7-3DD9-4948-BFFB-E7273003477B", "vulnerable": false } 
], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1206DD28-16D8-4F71-BABA-FDCE3CD9A91D", "versionEndIncluding": "2.8.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*", "matchCriteriaId": "B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "741E43A3-43D1-4ECF-915A-92E035FF8903", "versionStartIncluding": "2.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc:-:*:*:*:*:*:*:*", "matchCriteriaId": "D8ED54EF-1BAB-465B-A4D1-E779F63CF4F0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxm20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "669CAA1B-9E47-4331-8E1F-92D562F3CFF2", "versionStartIncluding": "2.3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxm20:-:*:*:*:*:*:*:*", "matchCriteriaId": "408DD298-FAC6-45E6-BF04-832C16B13927", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:simotics_connect_400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E01F98E1-441B-48CC-90FC-E9391D65844E", "versionEndIncluding": "0.3.0.95", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:simotics_connect_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "48BFF9EF-D1C1-4107-8D1E-51315C03FFF0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ 
{ "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:talon_tc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7EC32195-D888-4A8B-AC77-D0C98A83E88A", "versionStartIncluding": "3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:talon_tc:-:*:*:*:*:*:*:*", "matchCriteriaId": "F30FF737-174E-4760-A454-1DD174B4C966", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC441789-6954-48E7-9A42-1A2993C93066", "versionEndExcluding": "6.00.327", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1727849-2FD8-40A2-91D3-E0C9662B45BC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E396F519-8055-486E-A2DB-F9E6DD5B1E2D", "versionEndExcluding": "6.00.327", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD39D011-8AE2-46FE-9207-C110E2FBC07C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ACD8296-AC32-42CE-8B8D-A3F6FFD7A869", "versionEndExcluding": "6.00.327", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCC50C13-FA05-4459-BA1E-482D886B842B", "vulnerable": false } ], "negate": false, "operator": "OR" } 
], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6B65BC2-7D65-4216-8B3A-773825297CFE", "versionEndExcluding": "6.00.327", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "DDA404C0-FD6D-47CC-950C-E5DCC993C8E6", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C4CDD0E-FAB0-4F44-96AB-9ADDEFB456EC", "versionEndExcluding": "6.00.327", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A4D84CE-07AB-4305-9C48-54392772D4EB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5B66D45-3F60-469D-ADF6-ECB02567970C", "versionEndExcluding": "6.00.327", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E67F374-BF75-4334-A6D5-AB570E0A70D8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1C11C33-5757-44C5-9CC2-4BC3F287DD75", "versionEndExcluding": "6.00.327", "versionStartIncluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": 
"1CA7EF94-2EE2-4B53-A544-F675306DF84F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigopxc50-e.d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "93AC0E5C-5A08-43E4-88E5-7681755126F0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigopxc50-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F2D5B24-63B5-41C8-B20B-98699C4979F9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigopxc64-u_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BCB6399E-E7BD-4469-8166-B03B74E421BE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigopxc64-u:-:*:*:*:*:*:*:*", "matchCriteriaId": "980885C3-B98A-4AC9-AB86-A8BBFF23F37D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigopxc100-e.d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9118355-1BBC-43C7-9923-0F8FAEA70D40", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigopxc100-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "93E5FEC8-EAE9-4235-91EE-FE68CCE19C43", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigopxc128-u_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD7B8DC6-A346-4D4B-B6F6-9831E7D1F999", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigopxc128-u:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF17316C-DDD6-42F9-A147-6729632D9902", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:siemens:desigopxc200-e.d_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED820905-73EA-41F8-A2C5-17CD6BCF1707", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigopxc200-e.d:-:*:*:*:*:*:*:*", "matchCriteriaId": "E05F84E0-808C-4C40-9D50-9BE0117B791E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:desigopxm20-e_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2EFE56A4-408F-4807-A76D-B54AD9C85C28", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:desigopxm20-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "162C32E8-05CD-40A2-AB56-17CE4D85842F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.3), Nucleus Source Code (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en APOGEE MEC/MBC/PXC (P2) (Todas las versiones anteriores a V2.8.2), APOGEE PXC Series (BACnet) (Todas las versiones anteriores a V3.5.3), APOGEE PXC Series (P2) (Todas las versiones posteriores o iguales a V2. 8.2 y anteriores a V2.8.19), Desigo PXC00-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC00-U (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC001-E. 
D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC100-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC12-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC128-U (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC200-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC22-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC22.1-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC36.1-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC50-E.D (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXC64-U (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Desigo PXM20-E (Todas las versiones posteriores o iguales a V2.3x y anteriores a V6.00.327), Nucleus NET (Todas las versiones), Nucleus RTOS (Todas las versiones), Nucleus ReadyStart para ARM, MIPS y PPC (Todas las versiones anteriores a V2017.02.2 con parche \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (Todas las versiones), Nucleus Source Code (Todas las versiones), SIMOTICS CONNECT 400 (Todas las versiones anteriores a V0.3.0.330), TALON TC Series (BACnet) (Todas las versiones anteriores a V3.5.3), VSTAR (Todas las versiones). Al enviar paquetes DHCP especialmente dise\u00f1ados a un dispositivo donde el cliente DHCP est\u00e1 habilitado, un atacante podr\u00eda cambiar la direcci\u00f3n IP del dispositivo a un valor no v\u00e1lido. La vulnerabilidad podr\u00eda afectar a la disponibilidad e integridad del dispositivo. 
Se requiere acceso a la red adyacente, pero no se necesita autenticaci\u00f3n ni interacci\u00f3n del usuario para realizar un ataque" } ], "id": "CVE-2019-13939", "lastModified": "2024-11-21T04:25:44.123", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.5, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "productcert@siemens.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Secondary" } ] }, "published": "2020-01-16T16:15:16.277", "references": [ { "source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/html/ssa-162506.html" }, { "source": "productcert@siemens.com", "url": 
"https://cert-portal.siemens.com/productcert/html/ssa-434032.html" }, { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf" }, { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf" }, { "source": "productcert@siemens.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/html/ssa-162506.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/html/ssa-434032.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-162506.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-06" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "productcert@siemens.com", "type": "Primary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-23 08:29
Modified
2024-11-21 03:37
Severity ?
Summary
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
siemens | apogee_pxc_firmware | * | |
siemens | apogee_pxc | - | |
siemens | apogee_pxc_modular_firmware | * | |
siemens | apogee_pxc_modular | - | |
siemens | talon_tc_compact_firmware | * | |
siemens | talon_tc_compact | - | |
siemens | talon_tc_modular_firmware | * | |
siemens | talon_tc_modular | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2449F533-CA42-44D4-B69E-B7B9F3A4EAD9", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*", "matchCriteriaId": "B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1604D4C-3E06-46D0-8D39-0A5BC7CE5A1D", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9485F0B-03E0-4442-B615-2DA91AE1CD00", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "23756E05-4AD6-4888-AC07-C8E906CA5722", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D32EF0-8AEC-4594-8928-45F34DC60600", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB1AF7BE-295B-4386-81F3-B08A1E15DD5F", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*", "matchCriteriaId": "00C647D8-1725-42FA-8042-6C413EE67573", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Un atacante con acceso de red al servidor web integrado (80/tcp y 443/tcp) podr\u00eda omitir la autenticaci\u00f3n y descargar informaci\u00f3n sensible del dispositivo." } ], "id": "CVE-2017-9946", "lastModified": "2024-11-21T03:37:13.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-23T08:29:00.820", "references": [ { "source": "productcert@siemens.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" }, { "source": "productcert@siemens.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101248" }, { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "source": "productcert@siemens.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-23 08:29
Modified
2024-11-21 03:37
Severity ?
Summary
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
siemens | apogee_pxc_firmware | * | |
siemens | apogee_pxc | - | |
siemens | apogee_pxc_modular_firmware | * | |
siemens | apogee_pxc_modular | - | |
siemens | talon_tc_compact_firmware | * | |
siemens | talon_tc_compact | - | |
siemens | talon_tc_modular_firmware | * | |
siemens | talon_tc_modular | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2449F533-CA42-44D4-B69E-B7B9F3A4EAD9", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*", "matchCriteriaId": "B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1604D4C-3E06-46D0-8D39-0A5BC7CE5A1D", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*", "matchCriteriaId": "D9485F0B-03E0-4442-B615-2DA91AE1CD00", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "23756E05-4AD6-4888-AC07-C8E906CA5722", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D32EF0-8AEC-4594-8928-45F34DC60600", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB1AF7BE-295B-4386-81F3-B08A1E15DD5F", "versionEndExcluding": "3.5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*", "matchCriteriaId": "00C647D8-1725-42FA-8042-6C413EE67573", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": 
"en", "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podr\u00eda permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener informaci\u00f3n de la estructura del sistema de archivos de los dispositivos afectados." } ], "id": "CVE-2017-9947", "lastModified": "2024-11-21T03:37:13.890", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-23T08:29:00.867", "references": [ { "source": 
"productcert@siemens.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" }, { "source": "productcert@siemens.com", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101248" }, { "source": "productcert@siemens.com", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "source": "productcert@siemens.com", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Vendor Advisory" ], "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-538" } ], "source": "productcert@siemens.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }