Siemens APOGEE PXC and TALON TC Series Information Disclosure Vulnerability

Vulnerability

A vulnerability exists in all versions of Siemens APOGEE PXC Series (BACnet), APOGEE PXC Series (P2 Ethernet), and TALON TC Series (BACnet) devices. These devices allow unrestricted access to sensitive files, including databases, over the network. This vulnerability could enable an attacker to download an encrypted database file containing passwords.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, specifically encrypted database files containing passwords.

Remediation

Siemens is working on a fix for this vulnerability but has not yet released one. In the meantime, it is recommended to change all default passwords, use strong passwords for all accounts, and disable telnet if it has been enabled.

Added: Sep 9, 2025, 9:27 AM
Updated: Sep 9, 2025, 5:07 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 5.9
remediation: 7.9
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.