{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-28388", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "dateUpdated": "2026-06-02T20:14:56.054Z", "dateReserved": "2020-11-10T00:00:00.000Z", "datePublished": "2021-02-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-08-08T09:20:06.562Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones."}], "affected": [{"vendor": "Siemens", "product": "APOGEE PXC Compact (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Compact (P2 Ethernet)", "versions": [{"version": "All versions < V2.8.20", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Modular (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Modular (P2 Ethernet)", "versions": [{"version": "All versions < V2.8.20", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus NET", "versions": [{"version": "All versions < V5.2", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus ReadyStart V3", "versions": [{"version": "All versions < V2012.12", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus Source Code", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "PLUSCONTROL 1st Gen", "versions": [{"version": "All versions", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TALON TC Compact (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TALON TC Modular (BACnet)", "versions": [{"version": "All versions < V3.5.5", "status": "affected"}], "defaultStatus": "unknown"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-342", "description": "CWE-342: Predictable Exact Value from Previous Values", "type": "CWE"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:58.999Z"}, "title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-02T19:29:04.600159Z", "id": "CVE-2020-28388", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T20:14:56.054Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf", "tags": ["x_transferred"]}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:33:58.999Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-28388", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-02T19:29:04.600159Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T19:29:09.184Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:P/RL:O/RC:C"}}], "affected": [{"vendor": "Siemens", "product": "APOGEE PXC Compact (BACnet)", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Compact (P2 Ethernet)", "versions": [{"status": "affected", "version": "All versions < V2.8.20"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Modular (BACnet)", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "APOGEE PXC Modular (P2 Ethernet)", "versions": [{"status": "affected", "version": "All versions < V2.8.20"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus NET", "versions": [{"status": "affected", "version": "All versions < V5.2"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus ReadyStart V3", "versions": [{"status": "affected", "version": "All versions < V2012.12"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "Nucleus Source Code", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "PLUSCONTROL 1st Gen", "versions": [{"status": "affected", "version": "All versions"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TALON TC Compact (BACnet)", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "TALON TC Modular (BACnet)", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf"}, {"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-342", "description": "CWE-342: Predictable Exact Value from Previous Values"}]}], "providerMetadata": {"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens", "dateUpdated": "2023-08-08T09:20:06.562Z"}}}, "cveMetadata": {"cveId": "CVE-2020-28388", "state": "PUBLISHED", "dateUpdated": "2026-06-02T20:14:56.054Z", "dateReserved": "2020-11-10T00:00:00.000Z", "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "datePublished": "2021-02-09T00:00:00.000Z", "assignerShortName": "siemens"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"defaultStatus": "unknown", "product": "APOGEE PXC Compact (BACnet)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}]}, {"defaultStatus": "unknown", "product": "APOGEE PXC Compact (P2 Ethernet)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2.8.20"}]}, {"defaultStatus": "unknown", "product": "APOGEE PXC Modular (BACnet)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}]}, {"defaultStatus": "unknown", "product": "APOGEE PXC Modular (P2 Ethernet)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2.8.20"}]}, {"defaultStatus": "unknown", "product": "Nucleus NET", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V5.2"}]}, {"defaultStatus": "unknown", "product": "Nucleus ReadyStart V3", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V2012.12"}]}, {"defaultStatus": "unknown", "product": "Nucleus Source Code", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unknown", "product": "PLUSCONTROL 1st Gen", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unknown", "product": "TALON TC Compact (BACnet)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}]}, {"defaultStatus": "unknown", "product": "TALON TC Modular (BACnet)", "vendor": "Siemens", "versions": [{"status": "affected", "version": "All versions < V3.5.5"}]}], "source": "productcert@siemens.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:capital_vstar:*:*:*:*:*:*:*:*", "matchCriteriaId": "3EC45D63-0FB7-4995-AF45-B41F6EF6A9E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:nucleus_net:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AA3D291-7974-459E-8629-82EEE9222881", "versionEndExcluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:nucleus_source_code:*:*:*:*:*:*:*:*", "matchCriteriaId": "07DAF9C3-B56A-4F40-B90B-D0DE96869A44", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:pluscontrol_1st_gen:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A79FC04-B321-46B2-A363-5B964032856E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:nucleus_readystart:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C4577E0-9A51-45E6-8B07-C4AB711F2801", "versionEndExcluding": "2012.12", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arm:arm:-:*:*:*:*:*:*:*", "matchCriteriaId": "7533C487-7AD2-4B6E-B4B1-9D82BBF83CF3", "vulnerable": false}, {"criteria": "cpe:2.3:h:mips:mips:-:*:*:*:*:*:*:*", "matchCriteriaId": "838DEE07-4C15-4107-90B0-BEC2E081B3F0", "vulnerable": false}, {"criteria": "cpe:2.3:h:powerpc_project:powerpc:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA4BF0DF-EE3D-4649-B7EE-F30D6473BE0B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en Capital VSTAR (Todas las versiones), Nucleus NET (Todas las versiones anteriores a V5.2), Nucleus ReadyStart V3 (Todas las versiones anteriores a V2012.12), Nucleus Source Code (Todas las versiones), PLUSCONTROL 1st Gen (Todas las versiones). Los n\u00fameros de secuencia iniciales (ISN) para las conexiones TCP se derivan de una fuente insuficientemente aleatoria. Como resultado, el ISN de las conexiones TCP actuales y futuras podr\u00eda ser predecible. Un atacante podr\u00eda secuestrar las sesiones existentes o falsificar las futuras"}], "id": "CVE-2020-28388", "lastModified": "2026-06-17T03:10:21.900", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "productcert@siemens.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2020-28388", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-06-02T19:29:04.600159Z", "version": "2.0.3"}}]}, "published": "2021-02-09T18:15:34.590", "references": [{"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"}, {"source": "productcert@siemens.com", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"}, {"source": "productcert@siemens.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-180579.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-344238.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-362164.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436469.pdf"}], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-342"}], "source": "productcert@siemens.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}