
CVE-2017-9947

Published: 23/10/2017 Updated: 09/05/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.

Vulnerable Product

siemens apogee pxc firmware

siemens apogee pxc modular firmware

siemens talon tc compact firmware

siemens talon tc modular firmware

Github Repositories

🌀 APOLOGEE - Siemens Field Panel Scanner

APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers (all versions prior to V3.5) and TALON TC BACnet Automation Controllers (all versions prior to V3.5). With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate …