QID 591222
Date Published: 2022-12-09
QID 591222: Siemens APOGEE, TALON and Desigo PXC/PXM Products Uncontrolled Resource Consumption Vulnerability (SSA-935500, ICSA-22-286-12)
AFFECTED PRODUCTS
Siemens reports this vulnerability affects the following products which use FTP Server of Nucleus RTOS:
APOGEE MBC (PPC) (BACnet): All versions
APOGEE MBC (PPC) (P2 Ethernet): All versions
APOGEE MEC (PPC) (BACnet): All versions
APOGEE MEC (PPC) (P2 Ethernet): All versions
APOGEE PXC Compact (BACnet): All versions
APOGEE PXC Compact (P2 Ethernet): All versions
APOGEE PXC Modular (BACnet): All versions
APOGEE PXC Modular (P2 Ethernet): All versions
Desigo PXC00-E.D: All versions since and including V2.3
Desigo PXC00-U: All versions since and including V2.3
Desigo PXC001-E.D: All versions since and including V2.3
Desigo PXC12-E.D: All versions since and including V2.3
Desigo PXC22-E.D: All versions since and including V2.3
Desigo PXC22.1-E.D: All versions since and including V2.3
Desigo PXC36.1-E.D: All versions since and including V2.3
Desigo PXC50-E.D: All versions since and including V2.3
Desigo PXC64-U: All versions since and including V2.3
Desigo PXC100-E.D: All versions since and including V2.3
Desigo PXC128-U: All versions since and including V2.3
Desigo PXC200-E.D: All versions since and including V2.3
Desigo PXM20-E: All versions since and including V2.3
TALON TC Compact (BACnet): All versions
TALON TC Modular (BACnet): All versions
QID Detection Logic (Authenticated):
QID checks for the Vulnerable version of using passive scanning
Successful exploitation of these vulnerabilities could allow a remote attacker to generate a denial-of-service condition on devices incorporating a vulnerable version of the file transfer protocol (FTP) server.
Customers are advised to refer to CERT MITIGATIONS section ssa-935500 for affected packages and patching details.
cert-portal.siemens.com/productcert/html/ssa-935500.htmlCVEs related to QID 591222
| Advisory ID | Software | Component | Link |
|---|