PT-2021-7763 · Unknown · Nucleus Net+7
Published 2021-02-09 · Updated 2023-08-08 · CVE-2020-28388
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
APOGEE PXC Compact (BACnet) versions prior to V3.5.5
APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20
APOGEE PXC Modular (BACnet) versions prior to V3.5.5
APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20
Nucleus NET versions prior to V5.2
Nucleus ReadyStart V3 versions prior to V2012.12
Nucleus Source Code (all versions)
PLUSCONTROL 1st Gen (all versions)
TALON TC Compact (BACnet) versions prior to V3.5.5
TALON TC Modular (BACnet) versions prior to V3.5.5
Description
The Initial Sequence Numbers (ISNs) that the TCP stack assigns to new connections are derived from an insufficiently random source. An attacker who can open a few connections to an affected device can observe how its ISNs advance and predict the ISN of current and future TCP connections. With a predicted ISN the attacker can inject segments (RST or data) into an existing session without being on the path, or complete a three-way handshake with a spoofed source address and so establish a session the device believes comes from a trusted peer. This is the classic sequence-number attack that RFC 6528 addresses by computing each ISN as a clock value plus a secret-keyed hash of the connection 4-tuple, so that ISNs observed on the attacker's own connections reveal nothing about another peer's.
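The attack the description outlines, as an added illustration that is not part of this advisory or of the Nucleus NET sources: a "weak" ISN generator standing in for the bug class (one global sequence advanced by a fixed step from a guessable seed) beside an RFC 6528-style generator, and an off-path attacker that samples ISNs on its own connections, then guesses the ISN the server will use in its SYN-ACK to a spoofed victim. The generator internals, addresses and ports are constructed for the example; nothing here reproduces the vendor's actual implementation.

```python
"""
Weak vs. RFC 6528 TCP ISN generation, plus an off-path attacker that predicts a
victim's ISN from ISNs observed on its own connections.

Added illustration for this advisory. The "weak" generator is a stand-in for the
bug class (one global sequence continued from a low-entropy seed); it is NOT
Nucleus NET code. All IP addresses and ports are constructed.
"""
import hmac
import secrets
import socket
import struct
import time

ISN_MASK = 0xFFFFFFFF


def connection_id(local_ip, local_port, remote_ip, remote_port):
    """Serialise the 4-tuple that RFC 6528 feeds to F()."""
    return (socket.inet_aton(local_ip) + struct.pack("!H", local_port)
            + socket.inet_aton(remote_ip) + struct.pack("!H", remote_port))


class WeakISNGenerator:
    """Models the bug class: one global sequence, advanced by a fixed step per
    connection, seeded from something guessable (uptime, a coarse clock, ...).
    The peer's address never enters the computation, so anyone who can open a
    few connections learns where the sequence is and how fast it moves."""

    def __init__(self, seed, step=64000):
        self.state = seed & ISN_MASK
        self.step = step

    def next_isn(self, local_ip, local_port, remote_ip, remote_port):
        self.state = (self.state + self.step) & ISN_MASK
        return self.state


class Rfc6528ISNGenerator:
    """ISN = M + F(localip, localport, remoteip, remoteport, secretkey), where
    M is a 4-microsecond clock and F is a keyed hash (HMAC-SHA256 here).
    F differs per 4-tuple and is unknown without the key, so ISNs observed on
    the attacker's own connections say nothing about another peer's ISN."""

    def __init__(self, secret_key=None, clock=None):
        self.secret_key = secret_key if secret_key is not None else secrets.token_bytes(16)
        # The clock is injectable so a test can reproduce the behaviour exactly.
        self.clock = clock if clock is not None else (lambda: time.monotonic_ns() // 4000)

    def next_isn(self, local_ip, local_port, remote_ip, remote_port):
        m = self.clock() & ISN_MASK
        digest = hmac.new(self.secret_key,
                          connection_id(local_ip, local_port, remote_ip, remote_port),
                          "sha256").digest()
        f = int.from_bytes(digest[:4], "big")
        return (m + f) & ISN_MASK


def predict_next_isn(observed):
    """Attacker's extrapolation: assume the last observed step repeats."""
    step = (observed[-1] - observed[-2]) & ISN_MASK
    return (observed[-1] + step) & ISN_MASK


def looks_predictable(observed, tolerance=0):
    """Cheap field check on sampled ISNs: are consecutive deltas (nearly) constant?"""
    deltas = [(b - a) & ISN_MASK for a, b in zip(observed, observed[1:])]
    return max(deltas) - min(deltas) <= tolerance


def simulate_spoof(generator, probes=4):
    """Attacker opens `probes` real connections to the server to sample its ISNs,
    then guesses the ISN the server will put in its SYN-ACK to a spoofed victim
    SYN. Off-path, the attacker never sees that SYN-ACK, so the forged
    third-packet ACK (predicted ISN + 1) only works if the guess is exact."""
    server_ip, server_port = "192.0.2.10", 23        # constructed (RFC 5737 range)
    attacker_ip, victim_ip = "192.0.2.99", "192.0.2.20"
    observed = [generator.next_isn(server_ip, server_port, attacker_ip, 40000 + i)
                for i in range(probes)]
    predicted = predict_next_isn(observed)
    actual = generator.next_isn(server_ip, server_port, victim_ip, 51000)
    return {
        "observed": observed,
        "predictable_deltas": looks_predictable(observed),
        "predicted": predicted,
        "actual": actual,
        "spoofed_ack_accepted": predicted == actual,
    }


if __name__ == "__main__":
    for name, gen in (("weak", WeakISNGenerator(seed=0x00018E37)),
                      ("rfc6528", Rfc6528ISNGenerator())):
        r = simulate_spoof(gen)
        print(f"{name:8s} deltas constant={r['predictable_deltas']} "
              f"predicted={r['predicted']:#010x} actual={r['actual']:#010x} "
              f"spoof succeeds={r['spoofed_ack_accepted']}")
```

`looks_predictable` is the check a tester would run against a real device: open a handful of connections, record the server ISN from each SYN-ACK, and look at the deltas. A constant or narrowly bounded delta, or one that tracks uptime, is the symptom this advisory describes; an RFC 6528 stack shows deltas spread across the full 32-bit range because the per-4-tuple hash term dominates.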
Recommendations
For APOGEE PXC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For APOGEE PXC Compact (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later.
For APOGEE PXC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For APOGEE PXC Modular (P2 Ethernet) versions prior to V2.8.20, update to version V2.8.20 or later.
For Nucleus NET versions prior to V5.2, update to version V5.2 or later.
For Nucleus ReadyStart V3 versions prior to V2012.12, update to version V2012.12 or later.
For Nucleus Source Code, generate ISNs from a cryptographically secure source, for example per RFC 6528 (a clock value plus a secret-keyed hash of the connection 4-tuple), rather than from the current insufficiently random one.
For PLUSCONTROL 1st Gen, apply the same ISN generation change if the stack can be rebuilt, or replace the device with a product that is not affected.
For TALON TC Compact (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
For TALON TC Modular (BACnet) versions prior to V3.5.5, update to version V3.5.5 or later.
Affected Products
APOGEE PXC Compact
APOGEE PXC Modular
Nucleus NET
Nucleus ReadyStart V3
Nucleus Source Code
PLUSCONTROL 1st Gen
TALON TC Compact
TALON TC Modular