A buffer overflow vulnerability in the integrated web server of multiple APOGEE and TALON automation devices could allow a remote attacker to execute arbitrary code on the devices with root privileges. Affected devices include the APOGEE MBC/MEC/PXC P2 Ethernet devices with Power Open Processors (PPC), APOGEE PXC BACnet devices, and TALON TC BACnet devices. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
| Vendor | Product | Versions |
|---|---|---|
| APOGEE PXC Compact (P2 Ethernet) | ||
| APOGEE MBC (PPC) (P2 Ethernet) | ||
| TALON TC Compact (BACnet) | ||
| APOGEE PXC Modular (P2 Ethernet) | ||
| TALON TC Modular (BACnet) | ||
| APOGEE PXC Modular (BACnet) | ||
| APOGEE PXC Compact (BACnet) | ||
| APOGEE MEC (PPC) (P2 Ethernet) |