CVE-2025-40757
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-09

Assigner: Siemens AG

Description
A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices connected to the network allow unrestricted access to sensitive files, such as databases. This could allow an attacker to download encrypted .db file containing passwords.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-40757
EUVD
EUVD-2025-27241
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
siemens talon_tc_series *
siemens apogee_pxc_series *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Siemens APOGEE PXC Series and TALON TC Series devices connected to a network. It allows attackers to access and download encrypted database (.db) files from the devices, which contain sensitive information such as passwords. The vulnerability results from unrestricted access to these sensitive files on affected devices. [1]

Impact Analysis

An attacker exploiting this vulnerability could obtain encrypted database files containing passwords, potentially leading to unauthorized access to the device or network. This exposure of sensitive information could compromise the security of the affected systems and any connected infrastructure. [1]

Mitigation Strategies

Immediate mitigation steps include changing all three default passwords even if unused, ensuring all account passwords are strong (up to 15 characters including uppercase, lowercase, numbers, and special characters), and disabling telnet (which is disabled by default). Additionally, protect network access with appropriate security mechanisms and configure the operational environment according to Siemens' Industrial Security guidelines. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart