OTPulse
FeedAboutContact

Siemens APOGEE PXC and TALON TC Series

Monitor4.7ICS-CERT ICSA-25-135-14May 13, 2025
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

APOGEE PXC and TALON TC Series devices running BACnet start sending unsolicited broadcast messages after processing a specially crafted BACnet createObject request. This causes a partial denial of service condition on the affected device and potentially degrades the entire BACnet network's availability. A power cycle is required to restore normal operation. Siemens has not planned a firmware fix for this issue.

What this means
What could happen
An attacker on the BACnet network could send a specially crafted message that causes APOGEE PXC and TALON TC devices to flood the network with unsolicited broadcast messages, degrading BACnet network availability and requiring a power cycle to restore normal operation.
Who's at risk
Energy sector facilities operating APOGEE PXC and TALON TC Series building automation and control devices over BACnet networks should be concerned. This includes central plants, substations, and facility management systems that rely on BACnet for HVAC, lighting, or grid support functions.
How it could be exploited
An attacker with access to the BACnet network sends a specially crafted BACnet createObject request to a vulnerable device. The device responds by beginning to send unsolicited BACnet broadcast messages continuously, consuming network bandwidth and potentially disrupting communication with other devices on the network.
Prerequisites
  • Attacker must have network access to the BACnet network segment
  • Ability to send BACnet protocol messages to the target device
  • Device must be running any version of APOGEE PXC or TALON TC Series (BACnet)
Affects availability of control networkNo patch available from vendorSame network access required (not remotely exploitable from Internet)Low attack complexity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
APOGEE PXC+TALON TC Series (BACnet)All versionsNo fix (EOL)
Remediation & Mitigation
0/5
Do now
0/1
WORKAROUNDIf remote access to APOGEE devices is required, use a VPN with the most recent version and strong access controls
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGDocument the serial number and location of all APOGEE PXC and TALON TC devices in your plant for rapid identification and power cycling if a denial of service is suspected
Mitigations - no patch available
0/3
APOGEE PXC+TALON TC Series (BACnet) has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGIsolate APOGEE PXC and TALON TC devices behind a firewall, restricting access to only authorized engineering workstations and control systems that require BACnet communication
HARDENINGSegment the BACnet network from business networks and the Internet to prevent unauthorized access from external sources
HARDENINGImplement network monitoring to detect unusual broadcast traffic patterns from APOGEE devices that may indicate exploitation
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/2da8101e-5478-4c1a-a87e-acc231edbece