Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-28388

CVSS 6.5 · Medium EPSS 0.42% · P62
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-28388

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
从先前值可预测准确值
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Siemens产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Siemens TALON Series是德国西门子(Siemens)公司的一个开放系统。使控制器和应用程序在单个平台上运行,同时彼此互操作。 Siemens产品中存在安全漏洞,该漏洞源于该产品的TCP连接的初始序列号(ISN)是从一个不够随机的源中派生出来的。因此,可以预测当前和未来TCP连接的ISN。攻击者可以劫持现有会话或欺骗未来会话
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SiemensAPOGEE PXC Compact (BACnet) All versions < V3.5.5 -
SiemensAPOGEE PXC Compact (P2 Ethernet) All versions < V2.8.20 -
SiemensAPOGEE PXC Modular (BACnet) All versions < V3.5.5 -
SiemensAPOGEE PXC Modular (P2 Ethernet) All versions < V2.8.20 -
SiemensNucleus NET All versions < V5.2 -
SiemensNucleus ReadyStart V3 All versions < V2012.12 -
SiemensNucleus Source Code All versions -
SiemensPLUSCONTROL 1st Gen All versions -
SiemensTALON TC Compact (BACnet) All versions < V3.5.5 -
SiemensTALON TC Modular (BACnet) All versions < V3.5.5 -

II. Public POCs for CVE-2020-28388

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-28388

登录查看更多情报信息。

Same Patch Batch · Siemens · 2021-02-09 · 20 CVEs total

CVE-2020-27002Siemens Jt2go 缓冲区错误漏洞
CVE-2021-25666SCALANCE W780 和 W740 安全漏洞
CVE-2020-28394JT2Go 缓冲区错误漏洞
CVE-2020-28392siemens SIMARIS configuratio 权限许可和访问控制问题漏洞
CVE-2020-27008JT2Go 缓冲区错误漏洞
CVE-2020-27007JT2Go 缓冲区错误漏洞
CVE-2020-27006JT2Go 缓冲区错误漏洞
CVE-2020-27005JT2Go 缓冲区错误漏洞
CVE-2020-27004JT2Go 缓冲区错误漏洞
CVE-2020-27003JT2Go 缓冲区错误漏洞
CVE-2020-10048SIMATIC PCS 7 和 SIMATIC WinCC 授权问题漏洞
CVE-2020-27001Siemens Jt2go 缓冲区错误漏洞
CVE-2020-27000JT2Go 缓冲区错误漏洞
CVE-2020-26999Siemens Jt2go 缓冲区错误漏洞
CVE-2020-26998Siemens Jt2go 缓冲区错误漏洞
CVE-2020-25245DIGSI 4 权限许可和访问控制问题漏洞
CVE-2020-25238Siemens TIA Portal 代码问题漏洞
CVE-2020-25237SINEC NMS 路径遍历漏洞
CVE-2020-15798Siemens Simatic Hmi 访问控制错误漏洞

IV. Related Vulnerabilities

Same product: APOGEE PXC Compact (BACnet)
Same vendor: Siemens
Same weakness: CWE-342

V. Comments for CVE-2020-28388

No comments yet

Leave a comment