Home

Description

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner siemens




MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

Default status
unknown

Any version before *
affected

References

cert-portal.siemens.com/productcert/html/ssa-916339.html

cve.org (CVE-2025-40757)

nvd.nist.gov (CVE-2025-40757)

Download JSON