A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html | Exploit, Third Party Advisory, VDB Entry |
http://www.securityfocus.com/bid/101248 | Broken Link, Third Party Advisory, VDB Entry |
https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf | Vendor Advisory |
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf | Broken Link, Vendor Advisory |
History
09 May 2023, 16:27
Type | Values Removed | Values Added |
---|---|---|
First Time | Siemens talon Tc Modular Firmware, Siemens talon Tc Modular, Siemens talon Tc Compact, Siemens apogee Pxc Modular Firmware, Siemens apogee Pxc Firmware, Siemens apogee Pxc, Siemens talon Tc Compact Firmware, Siemens apogee Pxc Modular | |
CPE | cpe:2.3:h:siemens:talon_tc_bacnet_automation_controller:-:*:*:*:*:*:*:*, cpe:2.3:o:siemens:apogee_pxc_bacnet_automation_controller_firmware:*:*:*:*:*:*:*:* | cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*, cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*, cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*, cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*, cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*, cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*, cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*, cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:* |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf - Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/101248 - Broken Link, Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf - Broken Link, Vendor Advisory | |
References | (MISC) http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html - Exploit, Third Party Advisory, VDB Entry |
28 Oct 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2017-10-23 08:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-9947
Mitre link : CVE-2017-9947
CVE.ORG link : CVE-2017-9947
Products Affected
siemens
- apogee_pxc_firmware
- apogee_pxc
- talon_tc_compact_firmware
- apogee_pxc_modular
- talon_tc_modular
- talon_tc_modular_firmware
- talon_tc_compact
- apogee_pxc_modular_firmware