OTPulse
FeedAboutContact

Partial Denial of Service Vulnerability in APOGEE PXC and TALON TC Series (BACnet) Devices

Monitor4.7SSA-718393May 13, 2025
Attack VectorAdjacent
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

APOGEE PXC and TALON TC Series (BACnet) devices are vulnerable to a denial of service condition. When a specially crafted BACnet createObject request is sent to an affected device, it begins sending unsolicited broadcast messages that consume network resources and render the device unavailable. This impacts all versions of both product lines, and a power cycle is required to restore operation. No firmware update is available from Siemens.

What this means
What could happen
An attacker on the same BACnet network can trigger unsolicited broadcast messages from the device, causing it to become unavailable and potentially disrupting network-wide BACnet communications; a power cycle is required to restore normal operation.
Who's at risk
Building automation, energy management, and HVAC system operators managing Siemens APOGEE PXC and TALON TC BACnet controllers should be concerned. Any facility using these devices for energy control or facility management on a shared BACnet network is at risk.
How it could be exploited
An attacker with access to the BACnet network sends a specially crafted createObject request to the APOGEE PXC or TALON TC device. The device responds by flooding the network with unsolicited BACnet broadcast messages, rendering itself unavailable until manually power-cycled. The attacker does not need valid credentials or out-of-band access.
Prerequisites
  • Access to the same BACnet network segment as the affected device
  • Ability to send BACnet protocol messages (no authentication required)
remotely exploitable (via BACnet network)no authentication requiredno patch availablelow complexity exploit
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
ProductAffected VersionsFix Status
APOGEE PXC+TALON TC Series (BACnet)All versionsNo fix (EOL)
Remediation & Mitigation
0/3
Do now
0/1
HARDENINGImplement network segmentation to restrict BACnet traffic to authorized devices only; isolate the affected APOGEE PXC and TALON TC devices on a protected network segment with access control lists or firewalls
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HARDENINGMonitor BACnet network traffic for unsolicited broadcast messages as an indicator of attack or device malfunction
WORKAROUNDEstablish a documented procedure for power-cycling affected devices in case of denial of service condition
View full Siemens ProductCERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/42c679a2-31d5-4abf-b390-ab0b76164b3d