CVE-2020-28388

by Fred · 09/02/2021

A vulnerability has been identified in Nucleus NET (All versions < V5.2), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2012.12), PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones. Date published : 2021-02-09 https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf

CVE-2020-28388

Similar

Recent Posts

Categories

CVE-2020-28388

Share this:

Similar

Recent Posts

Categories

Tags