Full Report
Apogee PXC and Talon TC contain a vulnerability that could allow an attacker to download the device's encrypted database file. Siemens is preparing fix versions and recommends specific countermeasures for products where fixes are not, or not yet, available.
Analysis Summary
# Vulnerability: Information Disclosure in Apogee PXC and Talon TC (Encrypted Database Download)
## CVE Details
- CVE ID: CVE-2025-40757
- CVSS Score: 6.3 (CVSS v4.0) / 5.3 (CVSS v3.1) (Medium)
- CWE: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
## Affected Systems
- Products: APOGEE PXC Series (BACnet), APOGEE PXC Series (P2 Ethernet), TALON TC Series (BACnet)
- Versions: All versions affected.
- Configurations: Devices connected to the network.
## Vulnerability Description
The vulnerability allows an attacker with network access to retrieve sensitive files, specifically an encrypted `.db` file. This file contains passwords, meaning successful exploitation leads to the disclosure of encrypted credentials.
## Exploitation
- Status: Not specified as exploited in the wild.
- Complexity: Low (Based on CVSS vector components: AV:N/AC:L/PR:N/UI:N)
- Attack Vector: Network
## Impact
- Confidentiality: Low (Disclosure of encrypted database file containing passwords)
- Integrity: No impact specified.
- Availability: No impact specified.
## Remediation
### Patches
- Currently no fix is available. Siemens is preparing fix versions.
### Workarounds
1. Ensure all three default passwords are changed, even if they appear unused.
2. Ensure passwords for all accounts are strong (up to 15 characters, supporting upper case, lower case, numbers, and special characters).
3. Disable telnet (Note: telnet is disabled by default).
4. Implement general security hardening by protecting network access to devices according to Siemens' operational guidelines for Industrial Security.
## Detection
- No specific Indicators of Compromise (IoCs) are provided in the summary.
- Detection should focus on monitoring for unexpected file download/retrieval attempts targeting device configuration or database files over the network interface.
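
An added example (not part of the Siemens advisory or this summary) of the monitoring described above: it scans file-transfer events for `.db` reads from controllers by hosts outside an approved list, including controller-to-controller reads. The JSON event format, field names, addresses and file names are constructed assumptions, since the advisory does not name the protocol or a log source.

```python
import ipaddress
import json

# Assumptions (not from the advisory): controller subnet, approved engineering
# workstations, and the JSON event fields src/dst/action/filename.
CONTROLLER_NET = ipaddress.ip_network("10.20.0.0/24")
APPROVED_SOURCES = {ipaddress.ip_address("10.20.1.10")}
WATCHED_SUFFIXES = (".db",)

# Constructed sample events, one JSON object per line.
SAMPLE_EVENTS = """\
{"ts": "2025-01-01T02:14:07Z", "src": "10.20.1.10", "dst": "10.20.0.15", "action": "read", "filename": "PANEL.DB"}
{"ts": "2025-01-01T02:15:41Z", "src": "10.99.4.23", "dst": "10.20.0.15", "action": "read", "filename": "panel.db"}
{"ts": "2025-01-01T02:16:02Z", "src": "10.99.4.23", "dst": "10.20.0.15", "action": "read", "filename": "trend.csv"}
{"ts": "2025-01-01T02:17:30Z", "src": "10.99.4.23", "dst": "192.168.5.9", "action": "read", "filename": "cache.db"}
not-json garbage line
{"ts": "2025-01-01T02:18:55Z", "src": "10.20.0.77", "dst": "10.20.0.16", "action": "read", "filename": "/cfg/users.db"}
"""


def find_unexpected_db_reads(lines):
    """Return events where a non-approved host read a .db file from a controller."""
    alerts = []
    for line in lines:
        try:
            ev = json.loads(line)
            src = ipaddress.ip_address(ev["src"])
            dst = ipaddress.ip_address(ev["dst"])
            name = str(ev["filename"]).lower()
            action = ev["action"]
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the scan
        if action != "read" or dst not in CONTROLLER_NET:
            continue  # only reads served by a controller are of interest
        if name.endswith(WATCHED_SUFFIXES) and src not in APPROVED_SOURCES:
            alerts.append(ev)
    return alerts


if __name__ == "__main__":
    for ev in find_unexpected_db_reads(SAMPLE_EVENTS.splitlines()):
        print(f'{ev["ts"]} {ev["src"]} -> {ev["dst"]} read {ev["filename"]}')
```
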
## References
- Vendor Advisories: SSA-916339
- Relevant links (defanged):
  - hxxps://cert-portal.siemens.com/productcert/html/ssa-916339.html
  - hxxps://www.siemens.com/cert/operational-guidelines-industrial-security (For general guidelines download)
  - hxxps://www.siemens.com/cert/advisories (For general inquiries)
  - hxxps://www.siemens.com/industrialsecurity (For general Industrial Security info)