CVE-2024-54090 MEDIUM

CVE-2024-54090

Vendor Siemens
Product APOGEE PXC Series (BACnet)
Weakness CWE-125
Published February 11, 2025
Last update February 12, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain an out-of-bounds read in the memory dump function. This could allow an attacker with Medium (MED) or higher privileges to cause the device to enter an insecure cold start state.

Key dates

02Disclosure timeline

February 11, 2025 CVE published
February 12, 2025 Record updated