Improper access control in Siemens products - CVE-2022-45937
Published: December 15, 2022
Vulnerability identifier: #VU70377
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-45937
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Siemens
Affected software:
APOGEE PXC Series (BACnet)
APOGEE PXC Series (P2 Ethernet)
TALON TC Series (BACnet)
APOGEE PXC Series (BACnet)
APOGEE PXC Series (P2 Ethernet)
TALON TC Series (BACnet)
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can download sensitive information from the device containing user account credentials and gain unauthorized access to the application.
How to mitigate CVE-2022-45937
Install updates from vendor's website.