CVE-2024-54089 — Vulnetix

CVE-2024-54089 PUBLISHED CVSS 7.5 HIGH

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext.

EPSS 0.03% · 9.9th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.03%

9.9th percentile

Affected Products

Vendor	Product	Versions
Siemens	APOGEE PXC Series (P2 Ethernet)	0
Siemens	APOGEE PXC Series (BACnet)	0
Siemens	TALON TC Series (BACnet)	0

Timeline

Feb 11, 2025 CVE Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 12, 2025 EPSS Score
Feb 12, 2025 CVE Updated
Feb 13, 2025 PoC Published
Feb 22, 2025 Coalition ESS Score
Feb 27, 2025 EPSS Score
Mar 13, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Apr 11, 2025 EPSS Score

References

https://cert-portal.siemens.com/productcert/html/ssa-615116.html url
https://nvd.nist.gov/vuln/detail/CVE-2024-54089 advisory

Open in Interactive Console →