#VU50601 Use of insufficiently random values in Nucleus NET and Nucleus ReadyStart - CVE-2020-28388

Cybersecurity Help s.r.o.

Published: 2021-02-10 | Updated: 2021-03-10

Vulnerability identifier: #VU50601

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-28388

CWE-ID: CWE-330

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nucleus NET
Server applications / Other server solutions
Nucleus ReadyStart
Server applications / Other server solutions

Vendor: Siemens

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the ISN generator relies on a combination of values that can be inferred from a network capture. A remote attacker can interfere with traffic, spoof the connection and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Nucleus NET: 4.3

Nucleus ReadyStart: before 2012.12

External links
https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf
https://www.forescout.com/company/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Use of insufficiently random values in Siemens APOGEE/TALON Field Panels

Use of insufficiently random values in Siemens Energy PLUSCONTROL 1st Gen

Use of insufficiently random values in Siemens Nucleus NET and Nucleus ReadyStart