ID

VAR-202212-1327


CVE

CVE-2022-45937


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023550

DESCRIPTION

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.

Multiple Siemens products, such as pxc00-e96.a firmware, pxc100-e96.a firmware, and pxx-485.3 firmware, have unspecified vulnerabilities. Information may be obtained.

APOGEE PXC Modular and Compact Series Direct Digital Control (DDC) devices are an integral part of the APOGEE automation system. TALON TC Modular and Compact Series Direct Digital Control (DDC) devices are an integral part of the TALON automation system.

Trust: 2.16

sources: NVD: CVE-2022-45937 // JVNDB: JVNDB-2022-023550 // CNVD: CNVD-2022-87976

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-87976

AFFECTED PRODUCTS

vendor: siemens, model: talon tc modular \, scope: lt, version: 3.5.5

Trust: 1.0

vendor: siemens, model: pxc100-e96.a, scope: lt, version: 3.5.5

Trust: 1.0

vendor: siemens, model: pxc24.2-pe.a, scope: lt, version: 2.8.20

Trust: 1.0

vendor: siemens, model: pxc16.2-pe.a, scope: lt, version: 2.8.20

Trust: 1.0

vendor: siemens, model: pxc24.2-pef.a, scope: lt, version: 2.8.20

Trust: 1.0

vendor: siemens, model: pxc24.2-perf.a, scope: lt, version: 2.8.20

Trust: 1.0

vendor: siemens, model: pxc00-e96.a, scope: lt, version: 3.5.5

Trust: 1.0

vendor: siemens, model: pxc24.2-per.a, scope: lt, version: 2.8.20

Trust: 1.0

vendor: siemens, model: pxx-485.3, scope: lt, version: 3.5.5

Trust: 1.0

vendor: Siemens, model: pxc00-e96.a, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: pxx-485.3, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: pxc24.2-perf.a, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: pxc24.2-pe.a, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: talon tc modular, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: pxc24.2-per.a, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: pxc16.2-pe.a, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: pxc24.2-pef.a, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: pxc100-e96.a, scope: -, version: -

Trust: 0.8

vendor: siemens, model: apogee pxc series, scope: lt, version: v2.8.20

Trust: 0.6

vendor: siemens, model: apogee pxc series, scope: lt, version: v3.5.5

Trust: 0.6

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // NVD: CVE-2022-45937

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45937
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2022-45937
value: HIGH

Trust: 1.0

NVD: CVE-2022-45937
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2022-87976
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202212-3093
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2022-87976
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-45937
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2022-45937
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-45937
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // CNNVD: CNNVD-202212-3093 // NVD: CVE-2022-45937 // NVD: CVE-2022-45937

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: CWE-284

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023550 // NVD: CVE-2022-45937

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3093

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3093

PATCH

title: Patch for Siemens APOGEE/TALON Field Panels Privilege Management Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/372171

Trust: 0.6

title: Siemens part of the product Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=218341

Trust: 0.6

sources: CNVD: CNVD-2022-87976 // CNNVD: CNNVD-202212-3093

EXTERNAL IDS

db: NVD, id: CVE-2022-45937

Trust: 3.8

db: SIEMENS, id: SSA-180579

Trust: 3.0

db: ICS CERT, id: ICSA-22-349-16

Trust: 0.8

db: JVN, id: JVNVU91561630

Trust: 0.8

db: JVNDB, id: JVNDB-2022-023550

Trust: 0.8

db: CNVD, id: CNVD-2022-87976

Trust: 0.6

db: CNNVD, id: CNNVD-202212-3093

Trust: 0.6

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // CNNVD: CNNVD-202212-3093 // NVD: CVE-2022-45937

REFERENCES

url:https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf

Trust: 2.4

url:https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-45937

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-16

Trust: 0.8

url:https://cert-portal.siemens.com/productcert/html/ssa-180579.html

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-45937/

Trust: 0.6

sources: CNVD: CNVD-2022-87976 // JVNDB: JVNDB-2022-023550 // CNNVD: CNNVD-202212-3093 // NVD: CVE-2022-45937

SOURCES

db: CNVD, id: CNVD-2022-87976
db: JVNDB, id: JVNDB-2022-023550
db: CNNVD, id: CNNVD-202212-3093
db: NVD, id: CVE-2022-45937

LAST UPDATE DATE

2024-08-14T12:25:32.098000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-87976, date: 2022-12-16T00:00:00
db: JVNDB, id: JVNDB-2022-023550, date: 2023-11-29T03:03:00
db: CNNVD, id: CNNVD-202212-3093, date: 2022-12-20T00:00:00
db: NVD, id: CVE-2022-45937, date: 2023-08-08T10:15:12.850

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-87976, date: 2022-12-16T00:00:00
db: JVNDB, id: JVNDB-2022-023550, date: 2023-11-29T00:00:00
db: CNNVD, id: CNNVD-202212-3093, date: 2022-12-13T00:00:00
db: NVD, id: CVE-2022-45937, date: 2022-12-13T16:15:24.893