Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Talon_tc_modular_firmware
(Siemens)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-09 | CVE-2021-31888 | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.4), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.19), APOGEE PXC Modular (BACnet) (All versions < V3.5.4), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3 and <... | Apogee_modular_building_controller_firmware, Apogee_modular_equiment_controller_firmware, Apogee_pxc_compact_firmware, Apogee_pxc_modular_firmware, Desigo_pxc001\-E\.d_firmware, Desigo_pxc00\-E\.d_firmware, Desigo_pxc00\-U_firmware, Desigo_pxc100\-E\.d_firmware, Desigo_pxc128\-U_firmware, Desigo_pxc12\-E\.d_firmware, Desigo_pxc200\-E\.d_firmware, Desigo_pxc22\-E\.d_firmware, Desigo_pxc22\.1\-E\.d_firmware, Desigo_pxc36\.1\-E\.d_firmware, Desigo_pxc50\-E\.d_firmware, Desigo_pxc64\-U_firmware, Desigo_pxm20\-E_firmware, Nucleus_net, Nucleus_readystart_v3, Nucleus_source_code, Talon_tc_compact_firmware, Talon_tc_modular_firmware | 8.8 | ||
| 2021-11-09 | CVE-2021-31889 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0). Malformed TCP packets with a corrupted SACK option leads to Information Leaks and Denial-of-Service conditions. (FSMD-2021-0015) | Apogee_modular_building_controller_firmware, Apogee_modular_equiment_controller_firmware, Apogee_pxc_compact_firmware, Apogee_pxc_modular_firmware, Capital_vstar, Nucleus_net, Nucleus_readystart_v3, Nucleus_source_code, Talon_tc_compact_firmware, Talon_tc_modular_firmware | 9.1 | ||
| 2021-11-09 | CVE-2021-31890 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an TCP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer... | Apogee_modular_building_controller_firmware, Apogee_modular_equiment_controller_firmware, Apogee_pxc_compact_firmware, Apogee_pxc_modular_firmware, Capital_vstar, Nucleus_net, Nucleus_readystart_v3, Nucleus_readystart_v4, Nucleus_source_code, Talon_tc_compact_firmware, Talon_tc_modular_firmware | 9.1 | ||
| 2017-10-23 | CVE-2017-9946 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. | Apogee_pxc_firmware, Apogee_pxc_modular_firmware, Talon_tc_compact_firmware, Talon_tc_modular_firmware | 7.5 | ||
| 2017-10-23 | CVE-2017-9947 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. | Apogee_pxc_firmware, Apogee_pxc_modular_firmware, Talon_tc_compact_firmware, Talon_tc_modular_firmware | 5.3 |