SIEMENS-SSA-180579  ·  Published 2023-08-08

SSA-180579 V1.1 (Last Update: 2023-08-08): Privilege Management Vulnerability and Multiple Nucleus RTOS Vulnerabilities in APOGEE/TALON Field Panels before V3.5.5/V2.8.20

CVSS 8.8 HIGH

Risk Summary

APOGEE PXC / TALON TC field panels (BACnet before V3.5.5 and P2 Ethernet before V2.8.20) contain multiple vulnerabilities:

  • CVE-2022-45937: A privilege management vulnerability that could allow low-privilege authenticated attackers to gain high-privilege access.
  • CVE-2020-28388: Predictable Initial Sequence Numbers in the TCP/IP stack of Nucleus RTOS (real-time operating system) used by the affected products.
  • Several vulnerabilities in the DNS (Domain Name System) implementation of Nucleus RTOS.

Siemens has released updates for the affected products and recommends updating to the latest versions.

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-180579 V1.1 (Last Update: 2023-08-08): Privilege Management Vulnerability and Multiple Nucleus RTOS Vulnerabilities in APOGEE/TALON Field Panels before V3.5.5/V2.8.20
