Details of VAR-202212-1327

ID

VAR-202212-1327

CVE

CVE-2022-45937

TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023550

DESCRIPTION

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials. pxc00-e96.a firmware, pxc100-e96.a firmware, pxx-485.3 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained. APOGEE PXC Modular and Compact Series Direct Digital Control (DDC) devices are an integral part of the APOGEE automation system. TALON TC Modular and Compact Series direct digital control (DDC) equipment is an integral part of the TALON automation system

Trust: 2.16

sources: NVD: CVE-2022-45937 // JVNDB: JVNDB-2022-023550 // CNVD: CNVD-2022-87976

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-87976

AFFECTED PRODUCTS

vendor:	siemens	model:	talon tc modular \	scope:	lt	version:	3.5.5	Trust: 1.0
vendor:	siemens	model:	pxc100-e96.a	scope:	lt	version:	3.5.5	Trust: 1.0
vendor:	siemens	model:	pxc24.2-pe.a	scope:	lt	version:	2.8.20	Trust: 1.0
vendor:	siemens	model:	pxc16.2-pe.a	scope:	lt	version:	2.8.20	Trust: 1.0
vendor:	siemens	model:	pxc24.2-pef.a	scope:	lt	version:	2.8.20	Trust: 1.0
vendor:	siemens	model:	pxc24.2-perf.a	scope:	lt	version:	2.8.20	Trust: 1.0
vendor:	siemens	model:	pxc00-e96.a	scope:	lt	version:	3.5.5	Trust: 1.0
vendor:	siemens	model:	pxc24.2-per.a	scope:	lt	version:	2.8.20	Trust: 1.0
vendor:	siemens	model:	pxx-485.3	scope:	lt	version:	3.5.5	Trust: 1.0
vendor:	シーメンス	model:	pxc00-e96.a	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	pxx-485.3	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	pxc24.2-perf.a	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	pxc24.2-pe.a	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	talon tc modular	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	pxc24.2-per.a	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	pxc16.2-pe.a	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	pxc24.2-pef.a	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	pxc100-e96.a	scope:	-	version:	-	Trust: 0.8
vendor:	siemens	model:	apogee pxc series	scope:	lt	version:	v2.8.20	Trust: 0.6
vendor:	siemens	model:	apogee pxc series	scope:	lt	version:	v3.5.5	Trust: 0.6

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // NVD: CVE-2022-45937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-45937
value:	MEDIUM
Trust: 1.0
productcert@siemens.com:	CVE-2022-45937
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-45937
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-87976
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202212-3093
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2022-87976
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-45937
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2022-45937
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-45937
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // CNNVD: CNNVD-202212-3093 // NVD: CVE-2022-45937 // NVD: CVE-2022-45937

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-023550 // NVD: CVE-2022-45937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3093

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3093

PATCH

title:	Patch for Siemens APOGEE/TALON Field Panels Privilege Management Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/372171	Trust: 0.6
title:	Siemens part of the product Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=218341	Trust: 0.6

sources: CNVD: CNVD-2022-87976 // CNNVD: CNNVD-202212-3093

EXTERNAL IDS

db:	NVD	id:	CVE-2022-45937	Trust: 3.8
db:	SIEMENS	id:	SSA-180579	Trust: 3.0
db:	ICS CERT	id:	ICSA-22-349-16	Trust: 0.8
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023550	Trust: 0.8
db:	CNVD	id:	CNVD-2022-87976	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-3093	Trust: 0.6

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // CNNVD: CNNVD-202212-3093 // NVD: CVE-2022-45937

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-45937	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-16	Trust: 0.8
url:	https://cert-portal.siemens.com/productcert/html/ssa-180579.html	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-45937/	Trust: 0.6

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // CNNVD: CNNVD-202212-3093 // NVD: CVE-2022-45937

SOURCES

db:	CNVD	id:	CNVD-2022-87976
db:	JVNDB	id:	JVNDB-2022-023550
db:	CNNVD	id:	CNNVD-202212-3093
db:	NVD	id:	CVE-2022-45937

LAST UPDATE DATE

2024-08-14T12:25:32.098000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-87976	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023550	date:	2023-11-29T03:03:00
db:	CNNVD	id:	CNNVD-202212-3093	date:	2022-12-20T00:00:00
db:	NVD	id:	CVE-2022-45937	date:	2023-08-08T10:15:12.850

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-87976	date:	2022-12-16T00:00:00
db:	JVNDB	id:	JVNDB-2022-023550	date:	2023-11-29T00:00:00
db:	CNNVD	id:	CNNVD-202212-3093	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-45937	date:	2022-12-13T16:15:24.893