Iszzzzz

**Name of the Vulnerable Software and Affected Versions** Contemporary Control System BASrouter BACnet BASRT-B version 2.7.2 **Description** A problematic issue was found in the UDP Packet Handler component, leading to denial of service. The manipulation can be initiated remotely. The vendor was contacted about this disclosure but did not respond. **Recommendations** For version 2.7.2, as a temporary workaround, consider disabling the UDP Packet Handler component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Contemporary Control System BASrouter BACnet BASRT-B version 2.7.2 **Description** A critical vulnerability was found in the Application Protocol Data Unit component, which can be exploited remotely, leading to denial of service. The exploit has been disclosed to the public. **Recommendations** For version 2.7.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Shanghai Sunfull Automation BACnet Server HMI1002-ARM version 2.0.4 **Description** A critical vulnerability has been found in the Message Handler component of the software, leading to a buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. **Recommendations** For version 2.0.4, as a temporary workaround, consider disabling the Message Handler component until a patch is available. Restrict access to the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Contemporary Controls BASrouter BACnet BASRT-B version 2.7.2 **Description** A critical vulnerability has been found in the Device-Communication-Control Service component. The manipulation with the input `55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f` leads to denial of service. The exploit has been disclosed to the public and may be used. **Recommendations** For version 2.7.2, as a temporary workaround, consider disabling the Device-Communication-Control Service until a patch is available. Restrict access to the network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.