Page 2 of 6 results (0.005 seconds)

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podría permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener información de la estructura del sistema de archivos de los dispositivos afectados. • http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html http://www.securityfocus.com/bid/101248 https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •