CVE-2025-40555
MEDIUMSiemens APOGEE PXC+TALON TC Series (BACnet) - Denial of Service via BACnet createObject Request
Title source: llmDescription
A vulnerability has been identified in APOGEE PXC+TALON TC Series (BACnet) (All versions). Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted device, and potentially reduce the availability of BACnet network. A power cycle is required to restore the device's normal operation.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-718393.html
Scores
CVSS v3
4.7
EPSS
0.0011
EPSS Percentile
28.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-440
Status
published
Products (1)
Siemens/APOGEE PXC+TALON TC Series (BACnet)
Published
May 13, 2025
Tracked Since
Feb 18, 2026