|2017-10-12||Other||Siemens||Siemens reported these vulnerabilities to ICS-CERT.
||N/A||CVE-2017-9946 CVE-2017-9947 ||N/A||N/A||N/A|
# Siemens BACnet Field Panels
### VULNERABLE VENDOR
### VULNERABLE PRODUCT
BACnet Field Panels
Siemens reported these vulnerabilities to ICS-CERT.
### AFFECTED PRODUCTS
Siemens reports that the vulnerabilities affect the following BACnet field panels:
APOGEE PXC BACnet Automation Controllers: All versions prior to V3.5
TALON TC BACnet Automation Controllers: All versions prior to V3.5
Successful exploitation of these vulnerabilities could allow unauthenticated attackers with access to the integrated webserver to download sensitive information.
### VULNERABILITY OVERVIEW
AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288
An attacker with network access to the integrated web server (Ports 80/TCP and 443/TCP) could bypass the authentication and download sensitive information from the device.
CVE-2017-9946 has been assigned to this vulnerability.
A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (Ports 80/TCP and 443/TCP) to obtain information on the structure of the file system of the affected devices.
CVE-2017-9947 has been assigned to this vulnerability.
A CVSS v3 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Critical Infrastructure Sector: Commercial facilities
Countries/Areas Deployed: Worldwide
Company Headquarters Location: Germany
Siemens has provided firmware Version V3.5 for BACnet Field Panels Advanced modules, which fixes the vulnerabilities, and they recommend that users update to the new fixed version. Users should contact the local service organization for further information on how to obtain and apply V3.5. The web form is available at the following location on the Siemens web site:
For more information on this vulnerability and more detailed mitigation instructions, please see Siemens Security Advisory SSA-148078 at the following location: