An administrator may attempt to block all networks by specifying * or all as the network identifier. However, these values are not supported and do not trigger any validation error. Instead, they are silently interpreted as network 0 which results in no networks being blocked at all.
Weakness
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Universal_bacnet_router_firmware | Mbs-solutions | * | 6.0.1.0 (excluding) |