A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
History
08 Aug 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | NVD-CWE-Other | |
Summary | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
13 Dec 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions < V3.5.5), APOGEE PXC Series (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Series (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
13 Dec 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Nov 2021, 22:17
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (All versions), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
10 Nov 2021, 01:16
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
09 Nov 2021, 21:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:pluscontrol_1st_gen:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf - Vendor Advisory |
09 Nov 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Capital VSTAR (All versions), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
15 Mar 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
15 Mar 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. |
09 Mar 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-342 |
12 Feb 2021, 21:34
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:* cpe:2.3:h:arm:arm:-:*:*:*:*:*:*:* cpe:2.3:h:powerpc_project:powerpc:-:*:*:*:*:*:*:* cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:* cpe:2.3:h:mips:mips:-:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf - Vendor Advisory |
09 Feb 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-09 18:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-28388
Mitre link : CVE-2020-28388
CVE.ORG link : CVE-2020-28388
JSON object : View
Products Affected
siemens
- pluscontrol_1st_gen
- nucleus_readystart
- capital_vstar
- nucleus_source_code
- nucleus_net
arm
- arm
mips
- mips
powerpc_project
- powerpc
CWE