Vulnerabilities > CVE-2020-27632 - Unspecified vulnerability in Siemens Simatic Mv420 Firmware and Simatic Mv440 Firmware
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 2 | |
Hardware | 2 |
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-599268.pdf
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-042-01
- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
- https://www.forescout.com/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/