CVE-2019-12480
BACnet Protocol Stack through 0.8.6 has a segmentation fault leading to denial of service in the BACnet APDU Layer because of a malformed DCC in the AtomicWriteFile, AtomicReadFile and DeviceCommunicationControl services. An unauthenticated remote attacker could cause a denial of service (bacserv daemon crash) because there is an invalid read in bacdcode.c during parsing of alarm tag numbers.
Affected products
n/a · n/a
public PoCs found — 2
cve_reference: packetstormsecurity.com/files/153716/BACnet-Stack-0.8.6-Denial-Of-Service.html (unverified)
exploitdb: www.exploit-db.com/exploits/47148 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/153716/BACnet-Stack-0.8.6-Denial-Of-Service.html
https://1modm.github.io/CVE-2019-12480.html
https://sourceforge.net/p/bacnet/bugs/62/
https://sourceforge.net/p/bacnet/code/3220
https://sourceforge.net/p/bacnet/code/3223
https://sourceforge.net/p/bacnet/code/3224
https://sourceforge.net/p/bacnet/code/3225