CVE-2025-40556

Name of the Vulnerable Software and Affected Versions: BACnet ATEC 550-440 (All versions) BACnet ATEC 550-441 (All versions) BACnet ATEC 550-445 (All versions) BACnet ATEC 550-446 (All versions)

Description: A vulnerability has been identified in the affected devices, which improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message, resulting in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

Recommendations: For BACnet ATEC 550-440, consider restricting access to the BACnet network to minimize the risk of exploitation. For BACnet ATEC 550-441, consider implementing network segmentation to limit the attack surface. For BACnet ATEC 550-445, consider disabling unnecessary features that may be using the vulnerable MSTP message handling. For BACnet ATEC 550-446, consider implementing a firewall rule to block incoming BACnet MSTP messages from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.