Amine Amri

Researcher from Forescout Research Labs
#4647 of 53,633
56.6 Total CVSS
Vulnerabilities · 6
Critical
6
PT-2021-6242
9.4
2021-11-09
Siemens · Capital Vstar · CVE-2021-31889
**Name of the Vulnerable Software and Affected Versions**

- Capital Embedded AR Classic 431-422: all versions
- Capital Embedded AR Classic R20-11: versions prior to V2303
- PLUSCONTROL 1st Gen: all versions
- SIMOTICS CONNECT 400: versions prior to V0.5.0.0
- APOGEE MBC: all versions
- APOGEE MEC: all versions
- APOGEE PXC: all versions
- TALON TC: all versions
- Nucleus NET: all versions
- Nucleus ReadyStart V3: versions prior to V2017.02.4
- Nucleus Source Code: all versions
- Capital VSTAR: all versions

**Description**

A vulnerability has been identified that is related to errors in processing the `SACK` parameter of TCP packets. This can lead to Information Leaks and Denial-of-Service conditions when malformed TCP packets with a corrupted `SACK` option are sent. The issue can be exploited remotely.

**Recommendations**

- For Capital Embedded AR Classic 431-422, update to a version that fixes the issue.
- For Capital Embedded AR Classic R20-11, update to version V2303 or later.
- For PLUSCONTROL 1st Gen, consider disabling the use of TCP packets with the `SACK` option until a patch is available.
- For SIMOTICS CONNECT 400, update to version V0.5.0.0 or later.
- For APOGEE MBC, APOGEE MEC, APOGEE PXC, and TALON TC, restrict access to the `SACK` parameter in TCP packets to minimize the risk of exploitation.
- For Nucleus NET, Nucleus ReadyStart V3, and Nucleus Source Code, update to a version that fixes the issue or apply configuration changes to mitigate the risk.
- For Capital VSTAR, update to a version that fixes the issue or consider temporarily disabling the vulnerable component until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability for some of the affected products.
PT-2021-6894
9.4
2021-11-09
Siemens · Capital Vstar · CVE-2021-31890
**Name of the Vulnerable Software and Affected Versions**

- Capital Embedded AR Classic 431-422: versions prior to V2303
- Capital Embedded AR Classic R20-11: versions prior to V2303
- PLUSCONTROL 1st Gen: versions prior to the fixed version
- SIMOTICS CONNECT 400: versions prior to V0.5.0.0
- SIMOTICS CONNECT 400: versions prior to V1.0.0.0
- APOGEE MBC: versions prior to the fixed version
- APOGEE MEC: versions prior to the fixed version
- APOGEE PXC: versions prior to the fixed version
- Capital VSTAR: versions prior to the fixed version
- Nucleus NET: versions prior to the fixed version
- Nucleus ReadyStart V3: versions prior to V2017.02.4
- Nucleus ReadyStart V4: versions prior to V4.1.1
- Nucleus Source Code: versions prior to the fixed version
- TALON TC: versions prior to the fixed version

**Description**

A vulnerability has been identified that is related to errors in processing the TCP packet header. The total length of a TCP payload, set in the IP header, is unchecked, which may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory.

**Recommendations**

- For Capital Embedded AR Classic 431-422, update to a version that includes the fix for this issue.
- For Capital Embedded AR Classic R20-11, update to a version that includes the fix for this issue.
- For PLUSCONTROL 1st Gen, update to a version that includes the fix for this issue.
- For SIMOTICS CONNECT 400, update to a version that includes the fix for this issue, specifically V0.5.0.0 or later, or V1.0.0.0 or later.
- For APOGEE MBC, update to a version that includes the fix for this issue.
- For APOGEE MEC, update to a version that includes the fix for this issue.
- For APOGEE PXC, update to a version that includes the fix for this issue.
- For Capital VSTAR, update to a version that includes the fix for this issue.
- For Nucleus NET, update to a version that includes the fix for this issue.
- For Nucleus ReadyStart V3, update to V2017.02.4 or later.
- For Nucleus ReadyStart V4, update to V4.1.1 or later.
- For Nucleus Source Code, update to a version that includes the fix for this issue.
- For TALON TC, update to a version that includes the fix for this issue.