CVE-2022-45937

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-45937
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), TALON TC Series (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:siemens:pxc00-e96.a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxc00-e96.a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:siemens:pxc100-e96.a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxc100-e96.a:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:siemens:pxx-485.3_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxx-485.3:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:pxc16.2-pe.a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxc16.2-pe.a:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:pxc24.2-pe.a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxc24.2-pe.a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:pxc24.2-pef.a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxc24.2-pef.a:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:pxc24.2-per.a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxc24.2-per.a:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:pxc24.2-perf.a_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:pxc24.2-perf.a:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:talon_tc_modular_\(bacnet\)_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:talon_tc_modular_\(bacnet\):-:*:*:*:*:*:*:*
Information

Published : 2022-12-13 08:15

Updated : 2022-12-19 06:34

NVD link : CVE-2022-45937

Mitre link : CVE-2022-45937

JSON object : View

CWE
NVD-CWE-noinfo
Advertisement

dedicated server usa
Products Affected

siemens

  • pxc24.2-pe.a
  • pxc24.2-pef.a_firmware
  • pxc24.2-perf.a_firmware
  • pxc16.2-pe.a_firmware
  • pxc100-e96.a_firmware
  • pxc00-e96.a_firmware
  • pxc24.2-per.a_firmware
  • pxx-485.3
  • talon_tc_modular_\(bacnet\)_firmware
  • pxc24.2-perf.a
  • pxx-485.3_firmware
  • pxc00-e96.a
  • pxc16.2-pe.a
  • pxc100-e96.a
  • pxc24.2-per.a
  • talon_tc_modular_\(bacnet\)
  • pxc24.2-pef.a
  • pxc24.2-pe.a_firmware