Sign-up

ID

VAR-201908-0705


CVE

CVE-2019-12264


TITLE

Wind River Systems VxWorks Parameter injection vulnerability

Trust: 1.4

sources: IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e // CNVD: CNVD-2019-25706 // CNNVD: CNNVD-201907-1490

DESCRIPTION

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Wind River VxWorks Contains an argument insertion or modification vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability stems from the process of constructing command parameters from external input data. The network system or product does not properly filter the special characters in the parameters. An attacker could exploit the vulnerability to execute an illegal command

Trust: 2.34

sources: NVD: CVE-2019-12264 // JVNDB: JVNDB-2019-007544 // CNVD: CNVD-2019-25706 // IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e // CNVD: CNVD-2019-25706

AFFECTED PRODUCTS

vendor:siemensmodel:ruggedcom win7200scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:windrivermodel:vxworksscope:eqversion:6.9.3

Trust: 1.0

vendor:windrivermodel:vxworksscope:eqversion:6.9.4

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.5.01

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:05.3.06

Trust: 1.0

vendor:siemensmodel:ruggedcom win7018scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:windrivermodel:vxworksscope:eqversion:6.8

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.2.04

Trust: 1.0

vendor:siemensmodel:ruggedcom win7000scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:windrivermodel:vxworksscope:eqversion:6.7

Trust: 1.0

vendor:windrivermodel:vxworksscope:eqversion:6.6

Trust: 1.0

vendor:siemensmodel:ruggedcom win7025scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.0.07

Trust: 1.0

vendor:windrivermodel:vxworksscope:eqversion:7.0

Trust: 1.0

vendor:beldenmodel:garrettcom magnum dx940escope:lteversion:1.0.1_y7

Trust: 1.0

vendor:wind rivermodel:vxworksscope:eqversion:6.6

Trust: 0.8

vendor:wind rivermodel:vxworksscope:eqversion:6.7

Trust: 0.8

vendor:wind rivermodel:vxworksscope:eqversion:6.8

Trust: 0.8

vendor:wind rivermodel:vxworksscope:eqversion:6.9.3

Trust: 0.8

vendor:wind rivermodel:vxworksscope:eqversion:6.9.4

Trust: 0.8

vendor:wind rivermodel:vxworksscope:eqversion:7

Trust: 0.8

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.9

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.8

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.7

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.6

Trust: 0.6

vendor:vxworksmodel: - scope:eqversion:6.6

Trust: 0.2

vendor:vxworksmodel: - scope:eqversion:6.7

Trust: 0.2

vendor:vxworksmodel: - scope:eqversion:6.8

Trust: 0.2

vendor:vxworksmodel: - scope:eqversion:6.9.3

Trust: 0.2

vendor:vxworksmodel: - scope:eqversion:6.9.4

Trust: 0.2

vendor:vxworksmodel: - scope:eqversion:7

Trust: 0.2

sources: IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e // CNVD: CNVD-2019-25706 // JVNDB: JVNDB-2019-007544 // NVD: CVE-2019-12264

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2019-12264
value: HIGH

Trust: 1.8

CNVD: CNVD-2019-25706
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-1490
value: HIGH

Trust: 0.6

IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e
value: HIGH

Trust: 0.2

NVD:
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2019-12264
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-25706
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

NVD:
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2019-12264
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e // CNVD: CNVD-2019-25706 // JVNDB: JVNDB-2019-007544 // NVD: CVE-2019-12264 // CNNVD: CNNVD-201907-1490

PROBLEMTYPE DATA

problemtype:CWE-88

Trust: 1.8

sources: JVNDB: JVNDB-2019-007544 // NVD: CVE-2019-12264

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201907-1490

TYPE

Parameter injection

Trust: 0.8

sources: IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e // CNNVD: CNNVD-201907-1490

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2019-12264

PATCH
title:SECURITY VULNERABILITY RESPONSE INFORMATIONurl:https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
Trust: 0.8
title:CVE-2019-12264url:https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12264
Trust: 0.8
title:Wind River Systems VxWorks Parameter Injection Vulnerability Patchurl:https://www.cnvd.org.cn/patchinfo/show/172955
Trust: 0.6
title:Wind River Systems VxWorks Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95605
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-25706 // 
            
            
            
            JVNDB: JVNDB-2019-007544 // 
            
            
            
            CNNVD: CNNVD-201907-1490

EXTERNAL IDS
db:NVDid:CVE-2019-12264
Trust: 3.2
db:SIEMENSid:SSA-189842
Trust: 1.6
db:ICS CERTid:ICSA-19-274-01
Trust: 1.4
db:ICS CERTid:ICSMA-19-274-01
Trust: 1.4
db:ICS CERTid:ICSA-19-211-01
Trust: 1.4
db:CNVDid:CNVD-2019-25706
Trust: 0.8
db:CNNVDid:CNNVD-201907-1490
Trust: 0.8
db:JVNDBid:JVNDB-2019-007544
Trust: 0.8
db:AUSCERTid:ESB-2019.3695.5
Trust: 0.6
db:AUSCERTid:ESB-2019.3245
Trust: 0.6
db:AUSCERTid:ASB-2019.0224
Trust: 0.6
db:AUSCERTid:ESB-2019.2856
Trust: 0.6
db:IVDid:099DBD8C-FA3C-4762-AAC4-226D6F6B7C0E
Trust: 0.2
sources:
            
            
            IVD: 099dbd8c-fa3c-4762-aac4-226d6f6b7c0e // 
            
            
            
            CNVD: CNVD-2019-25706 // 
            
            
            
            JVNDB: JVNDB-2019-007544 // 
            
            
            
            NVD: CVE-2019-12264 // 
            
            
            
            CNNVD: CNNVD-201907-1490

REFERENCES
url:https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
Trust: 1.6
url:https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
Trust: 1.6
url:https://support.f5.com/csp/article/k41190253
Trust: 1.6
url:https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03960en_us
Trust: 1.6
url:https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12264
Trust: 1.6
url:https://www.us-cert.gov/ics/advisories/icsa-19-211-01
Trust: 1.4
url:https://www.us-cert.gov/ics/advisories/icsa-19-274-01
Trust: 1.4
url:https://www.us-cert.gov/ics/advisories/icsma-19-274-01
Trust: 1.4
url:https://nvd.nist.gov/vuln/detail/cve-2019-12264
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12264
Trust: 0.8
url:https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf
Trust: 0.6
url:https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks
Trust: 0.6
url:https://fortiguard.com/psirt/fg-ir-19-222
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3695.5/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.2856/
Trust: 0.6
url:https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905
Trust: 0.6
url:https://www.auscert.org.au/bulletins/asb-2019.0224/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.3245/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-25706 // 
            
            
            
            JVNDB: JVNDB-2019-007544 // 
            
            
            
            NVD: CVE-2019-12264 // 
            
            
            
            CNNVD: CNNVD-201907-1490

SOURCES
db:IVDid:099dbd8c-fa3c-4762-aac4-226d6f6b7c0e
db:CNVDid:CNVD-2019-25706
db:JVNDBid:JVNDB-2019-007544
db:NVDid:CVE-2019-12264
db:CNNVDid:CNNVD-201907-1490

LAST UPDATE DATE
2023-12-18T11:51:07.451000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-25706date:2019-08-02T00:00:00
db:JVNDBid:JVNDB-2019-007544date:2019-10-15T00:00:00
db:NVDid:CVE-2019-12264date:2022-06-16T18:10:52.543
db:CNNVDid:CNNVD-201907-1490date:2021-09-08T00:00:00

SOURCES RELEASE DATE
db:IVDid:099dbd8c-fa3c-4762-aac4-226d6f6b7c0edate:2019-08-02T00:00:00
db:CNVDid:CNVD-2019-25706date:2019-08-02T00:00:00
db:JVNDBid:JVNDB-2019-007544date:2019-08-14T00:00:00
db:NVDid:CVE-2019-12264date:2019-08-05T18:15:10.863
db:CNNVDid:CNNVD-201907-1490date:2019-07-29T00:00:00