CVE-2020-28388 vulnerability in Siemens Products
Published on February 9, 2021
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
Weakness Type
Predictable Exact Value from Previous Values
An exact value or random number can be precisely predicted by observing previous values.
Products Associated with CVE-2020-28388
Want to know whenever a new CVE is published for Siemens products? stack.watch will email you.
Affected Versions
Siemens APOGEE PXC Compact (BACnet):- Version All versions < V3.5.5 is affected.
- Version All versions < V2.8.20 is affected.
- Version All versions < V3.5.5 is affected.
- Version All versions < V2.8.20 is affected.
- Version All versions < V5.2 is affected.
- Version All versions < V2012.12 is affected.
- Version All versions is affected.
- Version All versions is affected.
- Version All versions < V3.5.5 is affected.
- Version All versions < V3.5.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.