Lucene search
K

451 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:12 p.m.14 views

CVE-2018-18878

In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...

7.8CVSS7.1AI score0.02889EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.3 views

CVE-2021-31885

A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...

7.5CVSS7.3AI score0.01197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.8 views

CVE-2022-37122

Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...

7.5CVSS6.9AI score0.19669EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.7 views

CVE-2020-7233

KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOORNAME variable in the BCLogon.swf file...

10CVSS7.2AI score0.01655EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.29 views

CVE-2025-40555

A vulnerability has been identified in APOGEE PXC+TALON TC Series BACnet All versions. Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially...

5.3CVSS6.7AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:45 a.m.30 views

CVE-2025-40556

A vulnerability has been identified in BACnet ATEC 550-440 All versions, BACnet ATEC 550-441 All versions, BACnet ATEC 550-445 All versions, BACnet ATEC 550-446 All versions. Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the sa...

7.1CVSS6.9AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.6 views

CVE-2024-41974

A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication...

7.1CVSS7AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:29 a.m.5 views

CVE-2019-12480

BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service bacserv daemon cras...

7.5CVSS6.9AI score0.33653EPSS
Exploits5References1
Snyk
Snyk
added 2025/12/05 7:41 p.m.6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the npduisexpectedreply function. An attacker can cause a crash or misroute replies by sending specially crafted PDUs that trigger out-of-bounds reads. Remediation A fix was pushed into the master branch but not y...

8.7CVSS5.7AI score0.00359EPSS
Exploits1References2
NVD
NVD
added 2025/12/05 7:15 p.m.6 views

CVE-2025-66624

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

7.5CVSS0.00359EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/05 6:36 p.m.5 views

EUVD-2025-201496

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

7.5CVSS6.3AI score0.00359EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/05 6:36 p.m.15 views

CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

7.5CVSS0.00359EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/05 6:36 p.m.5 views

CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

7.5CVSS6.4AI score0.00359EPSS
Exploits1References2
CVE
CVE
added 2025/12/05 6:36 p.m.13 views

CVE-2025-66624

CVE-2025-66624 affects the BACnet Protocol Stack prior to 1.5.0.rc2. The npdu_is_expected_reply function indexes APDU bytes (request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4]) without validating existence, allowing out-of-bounds reads in tiny PDUs. This can cause an immediate crash (DoS) on A...

7.5CVSS6.4AI score0.00359EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/05 6:36 p.m.6 views

CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read

BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...

7.5CVSS6.7AI score0.00359EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.7 views

PT-2025-49309

Name of the Vulnerable Software and Affected Versions BACnet Protocol Stack versions prior to 1.5.0.rc2 Description The BACnet Protocol Stack library contains flaws in the npdu is expected reply function within src/bacnet/npdu.c. This function does not properly validate the existence of Applicati...

7.5CVSS7.8AI score0.00359EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/12/05 12:0 a.m.4 views

BACnet Stack 缓冲区错误漏洞

BACnet Stack is a BACnet open source protocol stack C library for embedded systems, Linux, MacOS, BSD and Windows. A buffer error vulnerability exists in BACnet Stack versions prior to 1.5.0.rc2, which stems from the npduisexpectedreply function failing to validate the presence of an APDU byte,...

7.5CVSS6.5AI score0.00359EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/12/02 12:22 p.m.13 views

CVE-2020-36872

BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port 47808/udp. A remote unauthenticated...

8.7CVSS6.8AI score0.00431EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/28 1:5 a.m.15 views

CVE-2025-0657

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...

8.8CVSS6.8AI score0.00291EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/27 3:30 a.m.6 views

EUVD-2025-199779

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...

8.8CVSS6.3AI score0.00291EPSS
Exploits0References2
Rows per page
Query Builder