SSA-615116 — Vulnetix

SSA-615116 PUBLISHED CVSS 7.5 HIGH

Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to perform a denial of service using a out-of-bounds read forcing the device to enter a cold state and a vulnerability that would allow an attacker to decrypt the passwords of the device. Siemens recommends countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
	APOGEE PXC Series (P2 Ethernet)
	TALON TC Series (BACnet)
	APOGEE PXC Series (BACnet)

Exploit Intelligence

https://cert-portal.siemens.com/productcert/html/ssa-615116.html (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-615116.json (circl)
vulns.js (github-poc)
vulns.js (github-poc)

Timeline

Feb 11, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-615116.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-615116.json advisory

Open in Interactive Console →