- Description
- A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
- Source
- productcert@siemens.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- NVD-CWE-Other
- productcert@siemens.com
- CWE-342
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AA3D291-7974-459E-8629-82EEE9222881",
            "versionEndExcluding": "5.2"
          },
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07DAF9C3-B56A-4F40-B90B-D0DE96869A44"
          },
          {
            "criteria": "cpe:2.3:a:siemens:pluscontrol_1st_gen:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A79FC04-B321-46B2-A363-5B964032856E"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C4577E0-9A51-45E6-8B07-C4AB711F2801",
            "versionEndExcluding": "2012.12"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:arm:arm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7533C487-7AD2-4B6E-B4B1-9D82BBF83CF3"
          },
          {
            "criteria": "cpe:2.3:h:mips:mips:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "838DEE07-4C15-4107-90B0-BEC2E081B3F0"
          },
          {
            "criteria": "cpe:2.3:h:powerpc_project:powerpc:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "EA4BF0DF-EE3D-4649-B7EE-F30D6473BE0B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]