CVE-2025-40556

Summary

A vulnerability has been identified in BACnet ATEC 550-440 (All versions), BACnet ATEC 550-441 (All versions), BACnet ATEC 550-445 (All versions), BACnet ATEC 550-446 (All versions). Affected devices improperly handle specific incoming BACnet MSTP messages. This could allow an attacker residing in the same BACnet network to send a specially crafted MSTP message that results in a denial of service condition of the targeted device. A power cycle is required to restore the device's normal operation.

Affected Software

VendorProductVersion RangeStatus
SiemensBACnet ATEC 550-4400 < *affected
SiemensBACnet ATEC 550-4410 < *affected
SiemensBACnet ATEC 550-4450 < *affected
SiemensBACnet ATEC 550-4460 < *affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References