ID

VAR-202502-0122


CVE

CVE-2024-54089


TITLE

Siemens APOGEE PXC Series and TALON TC Series (BACnet) Encryption Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-15326

DESCRIPTION

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the ciphertext. The direct digital controller (DDC) in the Siemens APOGEE PXC Series building automation system is designed for small and medium-sized buildings and has modular expansion capabilities and intelligent control functions. TALON TC Series (BACnet) is a building management system that is mainly used to monitor and control building equipment. The system implements remote management functions through the BACnet protocol and supports real-time monitoring and adjustment of environmental parameters (such as temperature, humidity, etc.) in the building.

Trust: 1.44

sources: NVD: CVE-2024-54089 // CNVD: CNVD-2025-15326

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-15326

AFFECTED PRODUCTS

vendor: siemens, model: apogee pxc series, scope: -, version: -

Trust: 1.2

vendor: siemens, model: talon tc series, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2025-15326

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-54089
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-15326
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-15326
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-54089
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-15326 // NVD: CVE-2024-54089

PROBLEMTYPE DATA

problemtype: CWE-326

Trust: 1.0

sources: NVD: CVE-2024-54089

EXTERNAL IDS

db: NVD, id: CVE-2024-54089

Trust: 1.6

db: SIEMENS, id: SSA-615116

Trust: 1.6

db: CNVD, id: CNVD-2025-15326

Trust: 0.6

sources: CNVD: CNVD-2025-15326 // NVD: CVE-2024-54089

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-615116.html

Trust: 1.6

sources: CNVD: CNVD-2025-15326 // NVD: CVE-2024-54089

SOURCES

db: CNVD, id: CNVD-2025-15326
db: NVD, id: CVE-2024-54089

LAST UPDATE DATE

2025-07-13T23:26:44.649000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2025-15326, date: 2025-07-09T00:00:00
db: NVD, id: CVE-2024-54089, date: 2025-02-11T11:15:15.423

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2025-15326, date: 2025-02-11T00:00:00
db: NVD, id: CVE-2024-54089, date: 2025-02-11T11:15:15.423