Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Siemens Patches Flaws in Building Automation Controllers

Siemens has released a firmware update for its BACnet Field Panel building automation products to address two vulnerabilities, including one classified as high severity.

Siemens has released a firmware update for its BACnet Field Panel building automation products to address two vulnerabilities, including one classified as high severity.

The flaws, apparently discovered by Siemens itself, affect APOGEE PXC and TALON TC BACnet automation controllers running a version of the firmware prior to 3.5. The affected devices are used worldwide in commercial facilities to control a wide range of heating, ventilation and air conditioning (HVAC) equipment.

The BACnet Field Panel provides a web server and a user interface that allow facility operators to easily configure, monitor and control the automation controllers.

One problem found by Siemens in these products is that the authentication mechanism can be bypassed and an attacker can download sensitive information from a device. However, the vendor has pointed out that the attacker requires network access to the web server, which is accessible on TCP ports 80 and 443, in order to exploit the flaw.

This vulnerability is tracked as CVE-2017-9946 and it’s considered high severity with a CVSS score of 7.5.

Related: Learn More at SecurityWeek’s 2017 ICS Cyber Security Conference

The second security hole, tracked as CVE-2017-9947 with a severity rating of “medium,” is a directory traversal issue that allows an attacker to obtain information on the structure of the file system on affected devices. This vulnerability also requires network access to the web server for exploitation.

While Siemens has not specified what kind of information is exposed, these types of vulnerabilities can often allow attackers to obtain information that could help them mount further attacks on the system.

Siemens addressed the flaws with the release of firmware version 3.5 for BACnet Field Panel Advanced modules. Affected organizations have been advised to contact their local service for information on how to obtain the patch.

Related: Serious Flaw Exposes Siemens Industrial Switches to Attacks

Related: Vulnerabilities Found in Siemens Building Tech, Smart Grid Products

Related: Siemens, PAS Partner on Industrial Cybersecurity

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.