451 matches found
CVE-2018-18878
In firmware version MS2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable...
CVE-2021-31885
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...
CVE-2022-37122
Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly...
CVE-2020-7233
KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOORNAME variable in the BCLogon.swf file...
CVE-2025-40555
A vulnerability has been identified in APOGEE PXC+TALON TC Series BACnet All versions. Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially...
CVE-2025-40556
A vulnerability has been identified in BACnet ATEC 550-440 All versions, BACnet ATEC 550-441 All versions, BACnet ATEC 550-445 All versions, BACnet ATEC 550-446 All versions. Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the sa...
CVE-2024-41974
A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication...
CVE-2019-12480
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in BACnet APDU Layer because a malformed DCC in AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service bacserv daemon cras...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the npduisexpectedreply function. An attacker can cause a crash or misroute replies by sending specially crafted PDUs that trigger out-of-bounds reads. Remediation A fix was pushed into the master branch but not y...
CVE-2025-66624
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
EUVD-2025-201496
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
CVE-2025-66624
CVE-2025-66624 affects the BACnet Protocol Stack prior to 1.5.0.rc2. The npdu_is_expected_reply function indexes APDU bytes (request_pdu[offset+2/3/5] and reply_pdu[offset+1/2/4]) without validating existence, allowing out-of-bounds reads in tiny PDUs. This can cause an immediate crash (DoS) on A...
CVE-2025-66624 BACnet-stack MS/TP reply matcher OOB read
BACnet Protocol Stack library provides a BACnet application layer, network layer and media access MAC layer communications services. Prior to 1.5.0.rc2, The npduisexpectedreply function in src/bacnet/npdu.c indexes requestpduoffset+2/3/5 and replypduoffset+1/2/4 without verifying that those APDU...
PT-2025-49309
Name of the Vulnerable Software and Affected Versions BACnet Protocol Stack versions prior to 1.5.0.rc2 Description The BACnet Protocol Stack library contains flaws in the npdu is expected reply function within src/bacnet/npdu.c. This function does not properly validate the existence of Applicati...
BACnet Stack 缓冲区错误漏洞
BACnet Stack is a BACnet open source protocol stack C library for embedded systems, Linux, MacOS, BSD and Windows. A buffer error vulnerability exists in BACnet Stack versions prior to 1.5.0.rc2, which stems from the npduisexpectedreply function failing to validate the presence of an APDU byte,...
CVE-2020-36872
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port 47808/udp. A remote unauthenticated...
CVE-2025-0657
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...
EUVD-2025-199779
A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drvgen5106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility...