QID 590688
Date Published: 2022-06-03
QID 590688: Siemens Nucleus RTOS-based APOGEE and TALON Products (Update A) Multiple Vulnerabilities (ICSA-21-315-07)
AFFECTED PRODUCTS
The following Nucleus RTOS based APOGEE and TALON Products, direct digital control (DDC) devices, are affected:
APOGEE MBC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
Desigo PXC00-E.D: Versions 2.3 and later
Desigo PXC00-U: Versions 2.3 and later
Desigo PXC001-E.D: Versions 2.3 and later
Desigo PXC12-E.D: Versions 2.3 and later
Desigo PXC22-E.D: Versions 2.3 and later
Desigo PXC22.1-E.D: Versions 2.3 and later
Desigo PXC36.1-E.D: Versions 2.3 and later
Desigo PXC50-E.D: Versions 2.3 and later
Desigo PXC64-U: Versions 2.3 and later
Desigo PXC100-E.D: Versions 2.3 and later
Desigo PXC128-U: Versions 2.3 and later
Desigo PXC200-E.D: Versions 2.3 and later
Desigo PXM20-E: Versions 2.3 and later
TALON TC Compact (BACnet): All versions
TALON TC Modular (BACnet): All versions
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Successful exploitation of these vulnerabilities could allow denial-of-service conditions, remote code execution, information leaks, and out-of-bounds reads and writes.
Customers are advised to refer to CERT MITIGATIONS section ICSA-21-315-07 for affected packages and patching details.
- ICSA-21-315-07 -
www.us-cert.gov/ics/advisories/ICSA-21-315-07
CVEs related to QID 590688
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| ICSA-21-315-07 |
www.us-cert.gov/ics/advisories/ICSA-21-315-07 |