I have worries about security defined in BACnet protocol (ASHRAE/ANSI Standard 135, ISO 16484-5). Full text of security is here: http://bacnet.org/Addenda/Add-135-2008g.pdf and here is my summary:

In my message I have a header containing a unique message ID and timestamp (along with some other data) and a payload. I sign the whole message using HMAC with the first key and MD5 or SHA-256 as the hash algorithm. Then I use the first 16 bytes of the signature as the IV for encrypting the payload with CBC AES with the second key. I attach the signature to the message.

Is my IV unpredictable enough? Is signing a plain payload making my security vulnerable?

Luis Casillas
kiciek


I have not looked in detail at the standard you linked to, but in general, applying a PRF (such as HMAC) to the plaintext (plus associated data and/or a nonce, if any) to derive a message authentication tag, and then using the same authentication tag as the IV to a conventional IND$-secure length-preserving IV-based encryption scheme, is an instance of the "SIV construction" (Rogaway & Shrimpton 2007, pp. 6–9). Thus, if the assumptions of Rogaway & Shrimpton's proof are met, this construction yields a secure deterministic authenticated encryption scheme (if used without a nonce) or a misuse-resistant authenticated encryption scheme (if used with a nonce) in the sense defined in the paper.

However, a notable issue in applying the SIV proof to the BACnet scheme (as you describe it) is that basic CBC mode (without ciphertext stealing) is not length-preserving. In particular, the scheme you describe appears potentially vulnerable to the CBC padding oracle attack if an attacker can distinguish a CBC padding error from an HMAC mismatch. Even if the recipient is specified to return the exact same error in both cases, it might still be possible to distinguish the two cases by timing how long it takes the recipient to reject the message.

A simple solution to this issue would be to replace CBC with a length-preserving encryption mode, such as CTR, CFB or even CBC with ciphertext stealing.


PS. I thought this question seemed vaguely familiar, and while searching for references I stumbled across an earlier very similar question about HMAC + CBC in an SIV-like construction that I'd previously answered:

Also, for general information about the security of the MAC-and-encrypt structure of SIV mode, see the following question:

as well as the paper "Reconsidering Generic Composition" by Namprempre, Rogaway and Shrimpton (Cryptology ePrint Archive, Report 2014/206, 2014) which I cite in my answer there.

Ilmari Karonen
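The composition the answer describes, with the CBC-to-CTR substitution it recommends, as an added example in Go using only the standard library. This is not code from the BACnet standard or from the answerer; it assumes HMAC-SHA256 as the PRF, AES-256 in CTR mode as the length-preserving encryption, constructed sample keys and a constructed header (message ID and timestamp playing the role of the nonce and associated data), and adds a 4-byte length prefix on the header so that `header || plaintext` is unambiguous under the MAC, which is a choice made here rather than something the question specifies. The tag is sent in the clear alongside the header and doubles as the IV; the receiver decrypts, recomputes the tag over the recovered plaintext, and compares in constant time. Because CTR produces no padding, a tag mismatch is the receiver's only rejection path, which is the property the answer's padding-oracle caveat asks for.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Constructed sample keys for this example only. A real deployment obtains
// separate MAC and encryption keys from the protocol's key management, which
// is not modelled here.
var (
	macKey = []byte("example-mac-key-0123456789abcdef") // 32-byte HMAC key
	encKey = []byte("example-enc-key-0123456789abcdef") // 32-byte AES-256 key
)

// authenticate computes HMAC-SHA256 over len(header) || header || plaintext.
// The explicit length prefix prevents two different (header, plaintext)
// splits from producing the same MAC input.
func authenticate(header, plaintext []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	var hdrLen [4]byte
	binary.BigEndian.PutUint32(hdrLen[:], uint32(len(header)))
	mac.Write(hdrLen[:])
	mac.Write(header)
	mac.Write(plaintext)
	return mac.Sum(nil)
}

// Seal is the SIV-style sender side: tag = PRF(header, plaintext), then the
// payload is encrypted with AES-CTR using the first 16 bytes of the tag as
// the IV. The ciphertext has exactly the length of the plaintext.
func Seal(header, plaintext []byte) (tag, ciphertext []byte, err error) {
	tag = authenticate(header, plaintext)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, nil, err
	}
	ciphertext = make([]byte, len(plaintext))
	cipher.NewCTR(block, tag[:aes.BlockSize]).XORKeyStream(ciphertext, plaintext)
	return tag, ciphertext, nil
}

// Open is the receiver side: derive the IV from the received tag, decrypt,
// recompute the tag over the recovered plaintext and compare in constant
// time. With a length-preserving mode there is no padding to validate, so
// every malformed or tampered message fails in the same place.
func Open(header, tag, ciphertext []byte) ([]byte, error) {
	if len(tag) != sha256.Size {
		return nil, errors.New("bad tag length")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(ciphertext))
	cipher.NewCTR(block, tag[:aes.BlockSize]).XORKeyStream(plaintext, ciphertext)
	if !hmac.Equal(authenticate(header, plaintext), tag) {
		return nil, errors.New("authentication failed")
	}
	return plaintext, nil
}

func main() {
	header := []byte("msgid=0001;ts=1700000000") // constructed sample header
	payload := []byte("constructed sample payload")
	tag, ct, err := Seal(header, payload)
	if err != nil {
		panic(err)
	}
	fmt.Printf("IV (tag[:16]): %s\n", hex.EncodeToString(tag[:aes.BlockSize]))
	fmt.Printf("ciphertext (%d bytes, same as payload): %s\n", len(ct), hex.EncodeToString(ct))
	if _, err := Open(header, tag, ct); err != nil {
		panic(err)
	}
	ct[0] ^= 0x01 // one flipped ciphertext byte changes the recovered plaintext
	_, err = Open(header, tag, ct)
	fmt.Println("tampered message rejected:", err != nil)
}
```

Running it shows the two properties the answer relies on: the same header and payload always yield the same tag and ciphertext (the construction is deterministic), while a different message ID in the header changes the tag and hence the IV, so the timestamp and message ID in the BACnet header are what keep ciphertexts from repeating.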