CVE-2020-28388: Security Advisory and Response

Learn about CVE-2020-28388 affecting Siemens products, allowing attackers to predict TCP connection Initial Sequence Numbers (ISNs) and potentially hijack or spoof sessions. Find mitigation steps and patch information.

A vulnerability has been identified in various Siemens products allowing for the prediction of TCP connection Initial Sequence Numbers (ISNs), potentially leading to session hijacking or future session spoofing.

Understanding CVE-2020-28388

This CVE concerns insufficient randomness in the generation of ISNs for TCP connections in multiple Siemens products.

What is CVE-2020-28388?

CVE-2020-28388 allows attackers to predict ISNs, enabling them to hijack existing sessions or spoof future ones.

The Impact of CVE-2020-28388

The predictable ISNs can lead to severe security implications, including unauthorized access and data interception.

Technical Details of CVE-2020-28388

This section provides detailed technical information about the vulnerability.

Vulnerability Description

ISNs for TCP connections are derived from an insufficiently random source, making them predictable and exploitable by attackers.
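To make the difference between a predictable and an unpredictable ISN source concrete, the following added example (not code from Siemens or from this advisory) contrasts a constructed weak generator with the RFC 6528 scheme, ISN = M + F(4-tuple, secret), and runs a simple delta check that a defender could apply to ISNs taken from SYN-ACKs of their own device. Assumptions: the weak generator, the sample addresses and ports, and the `max_distinct` threshold are illustrative, and HMAC-SHA256 stands in for the hash function F.

```python
import hashlib
import hmac
import os
import socket
import struct
import time

MASK = 0xFFFFFFFF
SECRET = os.urandom(32)  # assumption: per-boot secret, never sent on the wire


def rfc6528_isn(src_ip, src_port, dst_ip, dst_port, now=None, secret=SECRET):
    """RFC 6528: ISN = M + F(4-tuple, secret). HMAC-SHA256 is used as F here."""
    now = time.monotonic() if now is None else now
    m = int(now * 250_000) & MASK  # M: timer that ticks every 4 microseconds
    four_tuple = (socket.inet_aton(src_ip) + struct.pack("!H", src_port)
                  + socket.inet_aton(dst_ip) + struct.pack("!H", dst_port))
    f = int.from_bytes(hmac.new(secret, four_tuple, hashlib.sha256).digest()[:4], "big")
    return (m + f) & MASK


def weak_isn(conn_index, step=64_000):
    """Constructed weak generator: a fixed step per connection.
    Illustrative only; the page does not say how the affected stack derived ISNs."""
    return (conn_index * step) & MASK


def distinct_deltas(isns):
    """Count distinct differences (mod 2**32) between consecutive ISNs."""
    return len({(b - a) & MASK for a, b in zip(isns, isns[1:])})


def looks_predictable(isns, max_distinct=3):
    """Flag a sample whose consecutive differences take only a few values."""
    return len(isns) >= 8 and distinct_deltas(isns) <= max_distinct


def sample_isns():
    """Constructed samples: 16 connections from client ports 40000-40015."""
    weak = [weak_isn(i) for i in range(16)]
    strong = [rfc6528_isn("192.0.2.10", 40000 + i, "192.0.2.20", 80, now=1.0 + i)
              for i in range(16)]
    return weak, strong


if __name__ == "__main__":
    weak, strong = sample_isns()
    print("weak sample predictable:    ", looks_predictable(weak))
    print("RFC 6528 sample predictable:", looks_predictable(strong))
```

A sample that passes this check is not proven random; the check only catches the coarse case where consecutive ISNs differ by a handful of repeated values.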

Affected Systems and Versions

The following Siemens products and versions are affected:

        APOGEE PXC Compact (BACnet) (All versions < V3.5.5)
        APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20)
        APOGEE PXC Modular (BACnet) (All versions < V3.5.5)
        APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20)
        Nucleus NET (All versions < V5.2)
        Nucleus ReadyStart V3 (All versions < V2012.12)
        Nucleus Source Code (All versions)
        PLUSCONTROL 1st Gen (All versions)
        TALON TC Compact (BACnet) (All versions < V3.5.5)
        TALON TC Modular (BACnet) (All versions < V3.5.5)

Exploitation Mechanism

Attackers can exploit the predictable ISNs to perform session hijacking or spoof future sessions, compromising the security of the affected systems.

Mitigation and Prevention

Protecting systems from CVE-2020-28388 requires immediate actions and long-term security practices.

Immediate Steps to Take

        Apply patches or updates provided by Siemens to address the vulnerability.
        Monitor network traffic for any suspicious activities indicating exploitation attempts.
        Implement network segmentation to limit the impact of potential attacks.

Long-Term Security Practices

        Regularly update and patch all software and firmware to prevent known vulnerabilities.
        Conduct security assessments and penetration testing to identify and address potential weaknesses.
        Educate users and administrators about best practices for network security.

Patching and Updates

Siemens has released patches to mitigate the vulnerability. Ensure all affected systems are updated with the latest security fixes.
