CVE-2025-0657
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-11-27
Assigner: Carrier Global Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| carrier | i-vu_gen5_router | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
| CWE-129 | The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a weakness in the Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380. It allows malformed packets to be sent through the BACnet MS/TP network, which causes the affected devices to enter a fault state. Once in this fault state, the devices become non-responsive on the network and require a manual power cycle to restore network visibility.
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can send malformed packets to the affected devices, causing them to enter a fault state and become unreachable on the network. This disrupts normal device operation and network communication until a manual power cycle is performed, potentially causing downtime or loss of control over the devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately monitor devices for fault states caused by malformed BACnet MS/TP packets and perform manual power cycles to restore network visibility. Additionally, restrict or filter BACnet MS/TP traffic to prevent malformed packets from reaching affected devices until a patch or update is available.