CVE-2024-28957

Summary

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.

Affected Software

VendorProductVersion RangeStatus
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.Cente TCP/IPv4Ver.1.41 and earlieraffected
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.Cente TCP/IPv4 SNMPv2Ver.2.30 and earlieraffected
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.Cente TCP/IPv4 SNMPv3Ver.2.30 and earlieraffected
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.Cente IPv6Ver.1.51 and earlieraffected
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.Cente IPv6 SNMPv2Ver.2.30 and earlieraffected
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.Cente IPv6 SNMPv3Ver.2.30 and earlieraffected

Weaknesses

  • Generation of Predictable Numbers or Identifiers

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References