AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within the current receive window, which violates RFC5961. This flaw allows attackers to send multiple random TCP RST packets to hit the acceptable range of sequence numbers, thereby interrupting normal connections and causing a denial-of-service attack.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Nanda Automation Technology |
|
No data.
No data.
References
History
Tue, 30 Sep 2025 09:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Nanda Automation Technology
Nanda Automation Technology at Na2000 |
|
| Vendors & Products |
Nanda Automation Technology
Nanda Automation Technology at Na2000 |
Mon, 29 Sep 2025 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | AT_NA2000 from Nanda Automation Technology vendor has a denial-of-service vulnerability. For the processing of TCP RST packets, PLC AT_NA2000 has a wide acceptable range of sequence numbers. It does not require the sequence number to exactly match the next expected sequence value, just to be within the current receive window, which violates RFC5961. This flaw allows attackers to send multiple random TCP RST packets to hit the acceptable range of sequence numbers, thereby interrupting normal connections and causing a denial-of-service attack. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-09-29T00:00:00.000Z
Updated: 2025-09-29T16:48:01.337Z
Reserved: 2025-08-16T00:00:00.000Z
Link: CVE-2025-56234
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2025-09-29T17:15:31.840
Modified: 2025-09-29T19:34:10.030
Link: CVE-2025-56234
Redhat
No data.