Main Vulnerability Database SB2025022429

SB2025022429 - Multiple vulnerabilities in Siemens Apogee PXC and Talon TC Devices

Published: February 24, 2025

Security Bulletin ID SB2025022429

Severity

High

Patch available

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Inadequate Encryption Strength (CVE-ID: CVE-2024-54089)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a weak encryption mechanism based on a hard-coded key. A remote attacker can guess or decrypt the password from the cyphertext.

2) Out-of-bounds read (CVE-ID: CVE-2024-54090)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the memory dump function. A remote user can inject trigger an out-of-bounds read error and cause a denial of service condition on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://cert-portal.siemens.com/productcert/html/ssa-615116.html

SB2025022429 - Multiple vulnerabilities in Siemens Apogee PXC and Talon TC Devices

Breakdown by Severity

Description

Remediation

References

Please verify you're human