Siemens APOGEE PXC / TALON TC Authentication Bypass

Posted on 28 October 2022

APOLOGEE is a Python script and Metasploit module that enumerates a hidden directory on Siemens APOGEE PXC BACnet Automation Controllers and TALON TC BACnet Automation Controllers. With a 7.5 CVSS, this exploit allows for an attacker to perform an authentication bypass using an alternate path or channel to access hidden directories in the web server. All versions prior to 3.5 are affected.