Vulnerabilities > CVE-2020-28388 - Unspecified vulnerability in Siemens products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

siemens

NVD

Published: 2021-02-09

Updated: 2023-08-08

Summary

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Nucleus Source Code * Siemens Nucleus NET - Siemens Capital Vstar * Siemens Pluscontrol 1ST GEN * Siemens Nucleus Readystart - Siemens Nucleus Readystart 4.1.0	6
Hardware	Arm ARM ARM -	1
Hardware	Mips Mips Mips -	1
Hardware	Powerpc_Project Powerpc Project Powerpc -	1

Summary

Vulnerable Configurations

References