A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 05:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf - | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf - Vendor Advisory | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf - Vendor Advisory | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf - | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 6.5 |
08 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
References |
|
|
Summary | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
13 Dec 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Series (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
17 Nov 2021, 22:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (All versions), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
10 Nov 2021, 01:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:pluscontrol_1st_gen:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf - Vendor Advisory |
Information
Published : 2021-02-09 18:15
Updated : 2024-11-21 05:22
NVD link : CVE-2020-28388
Mitre link : CVE-2020-28388
CVE.ORG link : CVE-2020-28388
JSON object : View
Products Affected
powerpc_project
- powerpc
siemens
- nucleus_net
- capital_vstar
- nucleus_source_code
- pluscontrol_1st_gen
- nucleus_readystart
mips
- mips
arm
- arm
CWE