OTPulse

TCP Vulnerability in APOGEE/TALON Field Panels

Monitor · 6.5 · SSA-436469 · Dec 13, 2022
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A TCP sequence handling vulnerability in APOGEE PXC Series and TALON TC Series field panels allows an attacker to send specially crafted packets that cause denial of service, freezing or crashing the device. The vulnerability affects BACnet and P2 Ethernet communication interfaces used in building automation and process control systems.

What this means
What could happen
An attacker on the network could send specially crafted packets to freeze or crash your APOGEE or TALON field panels, disrupting BACnet communication and process control until the device is manually restarted.
Who's at risk
Building automation and process control operators using Siemens APOGEE PXC Series field panels (BACnet or P2 Ethernet models) and TALON TC Series field panels for HVAC, lighting, and facility management should prioritize patching. Any organization managing these devices in networked environments is affected.
How it could be exploited
An attacker with network access to the field panel's IP address on the port where TCP is listening could send malformed TCP sequence packets that cause the device to enter a denial-of-service state. No authentication is required.
Prerequisites
  • Network access to the affected field panel's IP address on the TCP listening port
  • No authentication required
remotely exploitable · no authentication required · low complexity · affects process control and facility management systems
Exploitability
Low exploit probability (EPSS 0.4%)
Affected products (3)
3 with fix
Product | Affected Versions | Fix Status
APOGEE PXC Series (BACnet) | < V3.5.5 | 3.5.5
APOGEE PXC Series (P2 Ethernet) | < V2.8.20 | 2.8.20
TALON TC Series (BACnet) | < V3.5.5 | 3.5.5
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to field panels using firewall rules to limit which workstations or networks can reach the TCP port
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

APOGEE PXC Series (BACnet)
HOTFIX: Update APOGEE PXC Series (BACnet) to firmware version 3.5.5 or later
HOTFIX: Update TALON TC Series (BACnet) to firmware version 3.5.5 or later
APOGEE PXC Series (P2 Ethernet)
HOTFIX: Update APOGEE PXC Series (P2 Ethernet) to firmware version 2.8.20 or later
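
To decide which panels need the updates above, the following added example (not code from Siemens or OTPulse) triages an asset inventory against the fixed versions in the affected products table. The inventory layout, the device names and the three-part version parsing are assumptions.

```python
# Added example: triage a panel inventory against the fixed versions in this advisory.
import re

# Fixed firmware versions, taken from the affected-products table on this page.
FIXED = {
    "APOGEE PXC Series (BACnet)": (3, 5, 5),
    "APOGEE PXC Series (P2 Ethernet)": (2, 8, 20),
    "TALON TC Series (BACnet)": (3, 5, 5),
}

def parse_version(text):
    """Parse 'V3.5.4', 'v2.8.20' or '3.5' into a 3-tuple; None if unparseable."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+){0,2})\s*", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(inventory):
    """Return (name, status) pairs; status is 'vulnerable', 'fixed' or 'review'."""
    results = []
    for name, product, firmware in inventory:
        fixed = FIXED.get(product)
        version = parse_version(firmware)
        if fixed is None or version is None:
            status = "review"  # unknown product line or unreadable version: check by hand
        elif version < fixed:  # numeric compare, so 2.8.9 sorts below 2.8.20
            status = "vulnerable"
        else:
            status = "fixed"
        results.append((name, status))
    return results

# Constructed sample inventory (device names and versions are made up for illustration).
SAMPLE = [
    ("ahu-01", "APOGEE PXC Series (BACnet)", "V3.5.4"),
    ("ahu-02", "APOGEE PXC Series (BACnet)", "V3.5.5"),
    ("chiller-01", "APOGEE PXC Series (P2 Ethernet)", "V2.8.9"),
    ("lobby-tc", "TALON TC Series (BACnet)", "3.5"),
    ("lab-tc", "TALON TC Series (BACnet)", "unknown"),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE):
        print(f"{name}: {status}")
```

Entries marked "review" have a product line or version string the script could not match to the table and should be checked by hand rather than assumed fixed.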