NotCVE - vendor:"Siemens" product:"Apogee Pxc Compact Firmware"

Page 4 of 17 results (0.002 seconds)

CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1

CVE-2017-9946

https://notcve.org/view.php?id=CVE-2017-9946

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Un atacante con acceso de red al servidor web integrado (80/tcp y 443/tcp) podrÃa omitir la autenticaciÃ³n y descargar informaciÃ³n sensble del dispositivo. • http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html http://www.securityfocus.com/bid/101248 https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf • CWE-287: Improper Authentication •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 1

CVE-2017-9947 – Siemens APOGEE PXC / TALON TC Authentication Bypass

https://notcve.org/view.php?id=CVE-2017-9947

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podrÃa permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener informaciÃ³n de la estructura del sistema de archivos de los dispositivos afectados. • http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html http://www.securityfocus.com/bid/101248 https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •

1 2 3 4