Siemens Apogee PXC and Talon TC Devices
Monitor · CVSS 5.3 · ICS-CERT ICSA-25-254-05 · Sep 9, 2025
Siemens
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Apogee PXC and Talon TC BACnet controllers contain a vulnerability allowing unauthorized download of encrypted device database files. The database may contain device configuration, stored credentials, setpoints, and operational parameters. Siemens has stated that fixes are not yet available for any version of these products. The vulnerability is exploitable over the network without authentication or user interaction.
What this means
What could happen
An attacker with network access to an Apogee PXC or Talon TC device could download its encrypted database file, potentially exposing device configuration, credentials, or other sensitive data stored on the controller.
Who's at risk
Building automation teams responsible for Apogee PXC and Talon TC HVAC control systems should prioritize this. These devices are commonly found in commercial buildings, hospitals, data centers, and industrial facilities managing heating, cooling, and ventilation. Any facility with network-accessible PXC or TC controllers is at risk.
How it could be exploited
An attacker on the same network or with network-level access to the device can make a direct request to download the encrypted database file from the PXC or TC device without authentication. This does not require user interaction or physical access.
Prerequisites
- Network access to the Apogee PXC or Talon TC device on its management interface
- No authentication is required to download the encrypted database
remotely exploitable · no authentication required · low complexity · no patch available
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (3)
3 EOL
Product | Affected Versions | Fix Status
APOGEE PXC Series (BACnet) | All versions | No fix (EOL)
TALON TC Series (BACnet) | All versions | No fix (EOL)
APOGEE PXC Series (P2 Ethernet) | All versions | No fix (EOL)
Remediation & Mitigation
Do now
APOGEE PXC Series (BACnet)
HARDENING: Isolate building automation network (BACnet/P2 Ethernet) from general corporate IT network and untrusted networks
All products
HARDENING: Restrict network access to Apogee PXC and Talon TC devices using firewalls or network segmentation—allow only authorized engineering workstations and HVAC systems to communicate with these controllers
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HARDENING: Monitor for unauthorized download attempts to the device database using network monitoring or device logs
Mitigations - no patch available
The following products have reached End of Life with no planned fix: APOGEE PXC Series (BACnet), TALON TC Series (BACnet), APOGEE PXC Series (P2 Ethernet). Apply the following compensating controls:
HARDENING: Follow Siemens operational security guidelines for Industrial Security and implement physical security controls around network access to these devices
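One way to act on the access-restriction and monitoring items above, as an added example that is not part of the advisory or any Siemens tooling: it checks constructed flow records against an allowlist of engineering workstations and flags unauthorized sources and file-sized transfers out of a controller. The addresses, the record layout and the 64 KiB threshold are assumptions.

```python
import ipaddress

# Assumed inventory: controller addresses and the hosts allowed to reach them.
CONTROLLERS = {ipaddress.ip_address(a) for a in ("10.20.0.11", "10.20.0.12")}
AUTHORIZED = [ipaddress.ip_network(n) for n in ("10.20.1.5/32", "10.20.1.6/32")]
# Assumed threshold: bytes sent by a controller in one flow that would be
# consistent with a file-sized download rather than routine polling.
BULK_BYTES = 64 * 1024

# Constructed sample flow records: (client, server, bytes_from_server).
SAMPLE_FLOWS = [
    ("10.20.1.5", "10.20.0.11", 1_200),      # authorized, routine
    ("10.20.1.6", "10.20.0.12", 310_000),    # authorized, bulk transfer
    ("10.30.7.44", "10.20.0.11", 900),       # unauthorized, small
    ("10.30.7.44", "10.20.0.12", 280_000),   # unauthorized, bulk transfer
    ("10.30.7.44", "10.30.7.1", 500_000),    # not a controller, ignored
    ("bad-address", "10.20.0.11", 10),       # malformed record
]

def is_authorized(client):
    return any(client in net for net in AUTHORIZED)

def review_flows(flows):
    """Return (findings, malformed). Each finding is (severity, client, server, bytes)."""
    findings, malformed = [], []
    for rec in flows:
        try:
            client = ipaddress.ip_address(rec[0])
            server = ipaddress.ip_address(rec[1])
            sent = int(rec[2])
        except (ValueError, IndexError, TypeError):
            malformed.append(rec)   # keep for manual review, never drop silently
            continue
        if server not in CONTROLLERS:
            continue
        bulk = sent >= BULK_BYTES
        if not is_authorized(client):
            # Any contact from outside the allowlist means segmentation failed.
            findings.append(("high" if bulk else "medium", str(client), str(server), sent))
        elif bulk:
            # Authorized host, but confirm the transfer was a planned backup.
            findings.append(("review", str(client), str(server), sent))
    return findings, malformed

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS)[0]:
        print(*finding)
```

Feed it flow exports from the firewall or switch that fronts the controllers; a "medium" or "high" finding means the allowlist is not being enforced on the wire.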
CVEs (1)