CVE-2020-28388 Information
Jun 07, 2022
cve
Description
A vulnerability has been identified in Capital VSTAR (All versions) Nucleus NET (All versions < V5.2) Nucleus ReadyStart V3 (All versions < V2012.12) Nucleus Source Code (All versions) PLUSCONTROL 1st Gen (All versions). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
NONE
Base Severity
5.3
Share on: