cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-54090,https://securityvulnerability.io/vulnerability/CVE-2024-54090,Out-of-Bounds Read in APOGEE PXC and TALON TC Series by Siemens,"A vulnerability has been discovered in various Siemens devices including the APOGEE PXC and TALON TC Series. The issue lies in an out-of-bounds read within the memory dump function. Attackers with sufficient privileges can exploit this flaw, leading to the device entering an insecure cold start state. This can potentially compromise the integrity of the system and expose critical functionalities under threat.",Siemens,"Apogee Pxc Series (bacnet),Apogee Pxc Series (p2 Ethernet),Talon Tc Series (bacnet)",6,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:01.530Z,0
CVE-2024-54089,https://securityvulnerability.io/vulnerability/CVE-2024-54089,Weak Encryption Vulnerability in APOGEE PXC and TALON TC Series by Siemens,"A critical vulnerability exists in various models of Siemens APOGEE PXC and TALON TC Series devices due to a weak encryption scheme relying on a hard-coded key. This vulnerability enables attackers to potentially deduce or decrypt sensitive passwords from intercepted cyphertext, thereby compromising the security of affected systems. Organizations using these devices should assess their infrastructure and implement necessary safeguards to mitigate potential threats stemming from this weakness.",Siemens,"Apogee Pxc Series (bacnet),Apogee Pxc Series (p2 Ethernet),Talon Tc Series (bacnet)",8.7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-11T10:29:00.200Z,0
CVE-2019-13939,https://securityvulnerability.io/vulnerability/CVE-2019-13939,,"A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch ""Nucleus 2017.02.02 Nucleus NET Patch""), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack.",Siemens,"Apogee Mec/mbc/pxc (p2),Apogee Pxc Series (bacnet),Apogee Pxc Series (p2),Desigo Pxc00-e.d,Desigo Pxc00-u,Desigo Pxc001-e.d,Desigo Pxc100-e.d,Desigo Pxc12-e.d,Desigo Pxc128-u,Desigo Pxc200-e.d,Desigo Pxc22-e.d,Desigo Pxc22.1-e.d,Desigo Pxc36.1-e.d,Desigo Pxc50-e.d,Desigo Pxc64-u,Desigo Pxm20-e,Nucleus Net,Nucleus Rtos,Nucleus Readystart For Arm, Mips, And Ppc,Nucleus Safetycert,Nucleus Source Code,Simotics Connect 400,Talon Tc Series (bacnet),Vstar",7.1,HIGH,0.002259999979287386,false,,false,false,false,,,false,false,,2020-01-16T15:35:24.000Z,0