CVE-2022-45937 HIGH

CVE-2022-45937

Vendor Siemens

Product APOGEE PXC Compact (BACnet)

Weakness CWE-284

Published December 13, 2022

Last update April 21, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Key dates

02Disclosure timeline

December 13, 2022 CVE published

April 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-45937 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2022-45937

CWE CWE-284

CVSS 8.8 / HIGH

Affected versions

Vendor Siemens

Product APOGEE PXC Compact (BACnet)

Affected All versions < V3.5.5

Vendor Siemens

Product APOGEE PXC Compact (P2 Ethernet)

Affected All versions < V2.8.20

Vendor Siemens

Product APOGEE PXC Modular (BACnet)

Affected All versions < V3.5.5

Vendor Siemens

Product APOGEE PXC Modular (P2 Ethernet)

Affected All versions < V2.8.20

Vendor Siemens

Product TALON TC Compact (BACnet)

Affected All versions < V3.5.5

Vendor Siemens

Product TALON TC Modular (BACnet)

Affected All versions < V3.5.5

CVE-2022-45937

01Description

02Disclosure timeline

03References

04Related CVE