CVE-2022-38371 - Vulnerability Details

Description

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC00-U (All versions >= V2.3 < V6.30.37), Desigo PXC001-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC100-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC12-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC128-U (All versions >= V2.3 < V6.30.37), Desigo PXC200-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC50-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC64-U (All versions >= V2.3 < V6.30.37), Desigo PXM20-E (All versions >= V2.3 < V6.30.37), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

Published: 2022-10-11

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Siemens

APOGEE MBC (PPC) (BACnet)

unknown

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE MBC (PPC) (P2 Ethernet)

unknown

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE MEC (PPC) (BACnet)

unknown

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE MEC (PPC) (P2 Ethernet)

unknown

Version	Status	Constraints
`All versions`	affected	—

Siemens

APOGEE PXC Compact (BACnet)

unknown

Version	Status	Constraints
`0`	affected	< V3.5.7

Siemens

APOGEE PXC Compact (P2 Ethernet)

unknown

Version	Status	Constraints
`0`	affected	< V2.8.21

Siemens

APOGEE PXC Modular (BACnet)

unknown

Version	Status	Constraints
`0`	affected	< V3.5.7

Siemens

APOGEE PXC Modular (P2 Ethernet)

unknown

Version	Status	Constraints
`0`	affected	< V2.8.21

Siemens

Desigo PXC00-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC00-U

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC001-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC100-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC12-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC128-U

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC200-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC22-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC22.1-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC36.1-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC50-E.D

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXC64-U

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Desigo PXM20-E

unknown

Version	Status	Constraints
`V2.3`	affected	< V6.30.37

Siemens

Nucleus NET for Nucleus PLUS V1

unknown

Version	Status	Constraints
`All versions < V5.2a`	affected	—

Siemens

Nucleus NET for Nucleus PLUS V2

unknown

Version	Status	Constraints
`All versions < V5.4`	affected	—

Siemens

Nucleus ReadyStart V3 V2012

unknown

Version	Status	Constraints
`All versions < V2012.08.1`	affected	—

Siemens

Nucleus ReadyStart V3 V2017

unknown

Version	Status	Constraints
`All versions < V2017.02.4`	affected	—

Siemens

Nucleus Source Code

unknown

Version	Status	Constraints
`0`	affected	< *

Siemens

TALON TC Compact (BACnet)

unknown

Version	Status	Constraints
`0`	affected	< V3.5.7

Siemens

TALON TC Modular (BACnet)

unknown

Version	Status	Constraints
`0`	affected	< V3.5.7

Configuration 1 [-]

OR	cpe:2.3:a:siemens:nucleus_net::::::::
	cpe:2.3:a:siemens:nucleus_readystart_v3::::::::
	cpe:2.3:a:siemens:nucleus_source_code:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:siemens:apogee_modular_building_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_modular_building_controller:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:siemens:apogee_modular_equiment_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_modular_equiment_controller:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:siemens:apogee_pxc_compact_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_pxc_compact:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:siemens:desigo_pxc00-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc00-e.d:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:siemens:desigo_pxc00-u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc00-u:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:siemens:desigo_pxc001-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc001-e.d:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:siemens:desigo_pxc12-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc12-e.d:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:siemens:desigo_pxc22-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc22-e.d:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:desigo_pxc22.1-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc22.1-e.d:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:siemens:desigo_pxc36.1-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc36.1-e.d:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:siemens:desigo_pxc50-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc50-e.d:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:siemens:desigo_pxc64-u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc64-u:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:siemens:desigo_pxc100-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc100-e.d:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:siemens:desigo_pxc128-u_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc128-u:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:siemens:desigo_pxc200-e.d_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxc200-e.d:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:siemens:desigo_pxm20-e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:desigo_pxm20-e:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-40957	A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00791.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://cert-portal.siemens.com/productcert/html/ssa-313313.html
https://cert-portal.siemens.com/productcert/html/ssa-935500.html
https://cert-portal.siemens.com/productcert/pdf/ssa-313313.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-935500.pdf

History

Tue, 08 Apr 2025 08:30:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3), Desigo PXC00-U (All versions >= V2.3), Desigo PXC001-E.D (All versions >= V2.3), Desigo PXC100-E.D (All versions >= V2.3), Desigo PXC12-E.D (All versions >= V2.3), Desigo PXC128-U (All versions >= V2.3), Desigo PXC200-E.D (All versions >= V2.3), Desigo PXC22-E.D (All versions >= V2.3), Desigo PXC22.1-E.D (All versions >= V2.3), Desigo PXC36.1-E.D (All versions >= V2.3), Desigo PXC50-E.D (All versions >= V2.3), Desigo PXC64-U (All versions >= V2.3), Desigo PXM20-E (All versions >= V2.3), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.	A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions < V3.5.7), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.21), APOGEE PXC Modular (BACnet) (All versions < V3.5.7), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.21), Desigo PXC00-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC00-U (All versions >= V2.3 < V6.30.37), Desigo PXC001-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC100-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC12-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC128-U (All versions >= V2.3 < V6.30.37), Desigo PXC200-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC22.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC36.1-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC50-E.D (All versions >= V2.3 < V6.30.37), Desigo PXC64-U (All versions >= V2.3 < V6.30.37), Desigo PXM20-E (All versions >= V2.3 < V6.30.37), Nucleus NET for Nucleus PLUS V1 (All versions < V5.2a), Nucleus NET for Nucleus PLUS V2 (All versions < V5.4), Nucleus ReadyStart V3 V2012 (All versions < V2012.08.1), Nucleus ReadyStart V3 V2017 (All versions < V2017.02.4), Nucleus Source Code (All versions including affected FTP server), TALON TC Compact (BACnet) (All versions < V3.5.7), TALON TC Modular (BACnet) (All versions < V3.5.7). The FTP server does not properly release memory resources that were reserved for incomplete connection attempts by FTP clients. This could allow a remote attacker to generate a denial of service condition on devices that incorporate a vulnerable version of the FTP server.
Metrics		cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}`

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Subscriptions

Siemens Apogee Modular Building Controller Apogee Modular Building Controller Firmware Apogee Modular Equiment Controller Apogee Modular Equiment Controller Firmware Apogee Pxc Compact Apogee Pxc Compact Firmware Apogee Pxc Modular Apogee Pxc Modular Firmware Desigo Pxc00-e.d Desigo Pxc00-e.d Firmware Desigo Pxc00-u Desigo Pxc00-u Firmware Desigo Pxc001-e.d Desigo Pxc001-e.d Firmware Desigo Pxc100-e.d Desigo Pxc100-e.d Firmware Desigo Pxc12-e.d Desigo Pxc12-e.d Firmware Desigo Pxc128-u Desigo Pxc128-u Firmware Desigo Pxc200-e.d Desigo Pxc200-e.d Firmware Desigo Pxc22-e.d Desigo Pxc22-e.d Firmware Desigo Pxc22.1-e.d Desigo Pxc22.1-e.d Firmware Desigo Pxc36.1-e.d Desigo Pxc36.1-e.d Firmware Desigo Pxc50-e.d Desigo Pxc50-e.d Firmware Desigo Pxc64-u Desigo Pxc64-u Firmware Desigo Pxm20-e Desigo Pxm20-e Firmware Nucleus Net Nucleus Readystart V3 Nucleus Source Code Talon Tc Compact Talon Tc Compact Firmware

MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2022-10-11T00:00:00.000Z

Updated: 2025-05-13T09:38:10.488Z

Reserved: 2022-08-16T00:00:00.000Z

Link: CVE-2022-38371

Vulnrichment

Updated: 2024-08-03T10:54:03.448Z

NVD

Status : Modified

Published: 2022-10-11T11:15:10.297

Modified: 2025-04-08T09:15:15.900

Link: CVE-2022-38371

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object