VDB

SSA-944498

SSA-944498 PUBLISHED CVSS 9.800000190734863 CRITICAL

A buffer overflow vulnerability in the integrated web server of multiple APOGEE and TALON automation devices could allow a remote attacker to execute arbitrary code on the devices with root privileges. Affected devices include the APOGEE MBC/MEC/PXC P2 Ethernet devices with Power Open Processors (PPC), APOGEE PXC BACnet devices, and TALON TC BACnet devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C

Affected Products

VendorProductVersions
APOGEE PXC Compact (P2 Ethernet)
APOGEE MBC (PPC) (P2 Ethernet)
TALON TC Compact (BACnet)
APOGEE PXC Modular (P2 Ethernet)
TALON TC Modular (BACnet)
APOGEE PXC Modular (BACnet)
APOGEE PXC Compact (BACnet)
APOGEE MEC (PPC) (P2 Ethernet)

Exploit Intelligence

Timeline

  • CVE Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›