SSA-718393 — Vulnetix

SSA-718393 PUBLISHED CVSS 4.699999809265137 MEDIUM

Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted device, and potentially reduce the availability of BACnet network. A power cycle is required to restore the device's normal operation.

Risk Scores

CVSS v3.1

4.699999809265137

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
Siemens	APOGEE PXC+TALON TC Series (BACnet)

Timeline

May 13, 2025 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-718393.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-718393.html advisory

Open in Interactive Console →