Page 4 of 17 results (0.011 seconds)

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Un atacante con acceso de red al servidor web integrado (80/tcp y 443/tcp) podría omitir la autenticación y descargar información sensble del dispositivo. • http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html http://www.securityfocus.com/bid/101248 https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf • CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podría permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener información de la estructura del sistema de archivos de los dispositivos afectados. • http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html http://www.securityfocus.com/bid/101248 https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •