Details of VAR-201908-0706

ID

VAR-201908-0706

CVE

CVE-2019-12265

TITLE

Wind River VxWorks Vulnerabilities related to resource management in

Trust: 0.8

sources: JVNDB: JVNDB-2019-007852

DESCRIPTION

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. The vulnerability stems from the process of constructing command parameters from external input data. The network system or product does not properly filter the special characters in the parameters. An attacker could exploit the vulnerability to execute an illegal command. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Wind River Systems VxWorks Version 7, Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in the IGMPv3 client component of Wind River VxWorks could allow unauthenticated, remote malicious user to access sensitive information on a targeted system. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available

Trust: 2.52

sources: NVD: CVE-2019-12265 // JVNDB: JVNDB-2019-007852 // CNVD: CNVD-2019-25707 // IVD: 14a30265-6509-41d2-8c7a-3a278582ea2a // VULHUB: VHN-143994 // VULMON: CVE-2019-12265

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 14a30265-6509-41d2-8c7a-3a278582ea2a // CNVD: CNVD-2019-25707

AFFECTED PRODUCTS

vendor:	sonicos	model:	-	scope:	eq	version:	*	Trust: 2.4
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.5.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.6.1	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	5.9.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.4.0.	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	8.00	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.0	Trust: 1.0
vendor:	siemens	model:	power meter 9410	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7025	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.2.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	5.9.1.0.	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7200	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.7.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.1	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.3.1	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.2.04	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.1.4	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.7	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.0.07	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.5.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	5.9.1.12	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	lt	version:	6.9.4.12	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.9.2	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	gte	version:	6.5	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.6.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.4.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.4.3	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7000	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	siemens	model:	power meter 9810	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5	scope:	lt	version:	7.91	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.7.4	Trust: 1.0
vendor:	siemens	model:	siprotec 5	scope:	lt	version:	7.59	Trust: 1.0
vendor:	belden	model:	garrettcom magnum dx940e	scope:	lte	version:	1.0.1_y7	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	8.40.50.00	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.1.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.9.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	5.9.0.7	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.5.01	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7018	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.3.0	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	05.3.06	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.0.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.2.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.4.0	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	eq	version:	7.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.3.3	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sonicos	scope:	-	version:	-	Trust: 0.8
vendor:	ウインドリバー株式会社	model:	vxworks	scope:	-	version:	-	Trust: 0.8
vendor:	siprotec 5	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.9	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.8	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.7	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.6	Trust: 0.6
vendor:	vxworks	model:	-	scope:	eq	version:	6.5	Trust: 0.2
vendor:	vxworks	model:	-	scope:	eq	version:	6.6	Trust: 0.2
vendor:	vxworks	model:	-	scope:	eq	version:	6.7	Trust: 0.2
vendor:	vxworks	model:	-	scope:	eq	version:	6.8	Trust: 0.2
vendor:	vxworks	model:	-	scope:	eq	version:	6.9.3	Trust: 0.2
vendor:	vxworks	model:	-	scope:	eq	version:	6.9.4	Trust: 0.2
vendor:	e series santricity os controller	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.0	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.1	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.7	Trust: 0.2

sources: IVD: 14a30265-6509-41d2-8c7a-3a278582ea2a // CNVD: CNVD-2019-25707 // JVNDB: JVNDB-2019-007852 // NVD: CVE-2019-12265

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2019-12265
value:	MEDIUM
Trust: 1.8
CNVD:	CNVD-2019-25707
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-1489
value:	MEDIUM
Trust: 0.6
IVD:	14a30265-6509-41d2-8c7a-3a278582ea2a
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-143994
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-12265
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2019-12265
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
CNVD:	CNVD-2019-25707
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	14a30265-6509-41d2-8c7a-3a278582ea2a
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-143994
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2019-12265
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 14a30265-6509-41d2-8c7a-3a278582ea2a // CNVD: CNVD-2019-25707 // VULHUB: VHN-143994 // VULMON: CVE-2019-12265 // JVNDB: JVNDB-2019-007852 // NVD: CVE-2019-12265 // CNNVD: CNNVD-201907-1489

PROBLEMTYPE DATA

problemtype:	CWE-401	Trust: 1.1
problemtype:	resource management issues (CWE-399) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-399	Trust: 0.1

sources: VULHUB: VHN-143994 // JVNDB: JVNDB-2019-007852 // NVD: CVE-2019-12265

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1489

TYPE

Resource management error

Trust: 0.8

sources: IVD: 14a30265-6509-41d2-8c7a-3a278582ea2a // CNNVD: CNNVD-201907-1489

CONFIGURATIONS

sources: NVD: CVE-2019-12265

PATCH

title:	Security Notices Siemens Siemens Security Advisory	url:	https://security.netapp.com/advisory/ntap-20190802-0001/	Trust: 0.8
title:	Patch for Wind River Systems VxWorks Parameter Injection Vulnerability (CNVD-2019-25707)	url:	https://www.cnvd.org.cn/patchinfo/show/172953	Trust: 0.6
title:	Wind River Systems VxWorks Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95604	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/	Trust: 0.2
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1f919286ef48798d96223ef4d2143337	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2dd69ca01b84b80e09672fedb1c26f51	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=99fa839be73f2df819a67c27caa912f8	Trust: 0.1
title:	Fortinet Security Advisories: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=fg-ir-19-222	Trust: 0.1

sources: CNVD: CNVD-2019-25707 // VULMON: CVE-2019-12265 // JVNDB: JVNDB-2019-007852 // CNNVD: CNNVD-201907-1489

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12265	Trust: 4.2
db:	SIEMENS	id:	SSA-352504	Trust: 1.8
db:	SIEMENS	id:	SSA-189842	Trust: 1.8
db:	SIEMENS	id:	SSA-632562	Trust: 1.8
db:	ICS CERT	id:	ICSA-19-274-01	Trust: 1.4
db:	ICS CERT	id:	ICSA-19-211-01	Trust: 1.4
db:	ICS CERT	id:	ICSMA-19-274-01	Trust: 1.4
db:	CNNVD	id:	CNNVD-201907-1489	Trust: 0.9
db:	ICS CERT	id:	ICSA-23-320-10	Trust: 0.9
db:	CNVD	id:	CNVD-2019-25707	Trust: 0.8
db:	JVN	id:	JVNVU92598492	Trust: 0.8
db:	JVN	id:	JVNVU92467308	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007852	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.3695.5	Trust: 0.6
db:	AUSCERT	id:	ASB-2019.0224	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.3245	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2856	Trust: 0.6
db:	IVD	id:	14A30265-6509-41D2-8C7A-3A278582EA2A	Trust: 0.2
db:	VULHUB	id:	VHN-143994	Trust: 0.1
db:	VULMON	id:	CVE-2019-12265	Trust: 0.1

REFERENCES

url:	https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12265	Trust: 2.3
url:	https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	Trust: 1.8
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0009	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190802-0001/	Trust: 1.8
url:	https://support.f5.com/csp/article/k41190253	Trust: 1.8
url:	https://support2.windriver.com/index.php?page=security-notices	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12265	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-274-01	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsma-19-274-01	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-211-01	Trust: 1.4
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu92467308/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92598492/index.html	Trust: 0.8
url:	https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf	Trust: 0.6
url:	https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks	Trust: 0.6
url:	https://fortiguard.com/psirt/fg-ir-19-222	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3695.5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2856/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/asb-2019.0224/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3245/	Trust: 0.6
url:	https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12265	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/401.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=60689	Trust: 0.1

sources: CNVD: CNVD-2019-25707 // VULHUB: VHN-143994 // VULMON: CVE-2019-12265 // JVNDB: JVNDB-2019-007852 // NVD: CVE-2019-12265 // CNNVD: CNNVD-201907-1489

SOURCES

db:	IVD	id:	14a30265-6509-41d2-8c7a-3a278582ea2a
db:	CNVD	id:	CNVD-2019-25707
db:	VULHUB	id:	VHN-143994
db:	VULMON	id:	CVE-2019-12265
db:	JVNDB	id:	JVNDB-2019-007852
db:	NVD	id:	CVE-2019-12265
db:	CNNVD	id:	CNNVD-201907-1489

LAST UPDATE DATE

2023-12-18T11:30:06.499000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-25707	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-143994	date:	2020-08-24T00:00:00
db:	VULMON	id:	CVE-2019-12265	date:	2022-08-12T00:00:00
db:	JVNDB	id:	JVNDB-2019-007852	date:	2023-11-21T01:26:00
db:	NVD	id:	CVE-2019-12265	date:	2022-08-12T18:44:44.460
db:	CNNVD	id:	CNNVD-201907-1489	date:	2022-03-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	14a30265-6509-41d2-8c7a-3a278582ea2a	date:	2019-08-02T00:00:00
db:	CNVD	id:	CNVD-2019-25707	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-143994	date:	2019-08-09T00:00:00
db:	VULMON	id:	CVE-2019-12265	date:	2019-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-007852	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-12265	date:	2019-08-09T19:15:11.327
db:	CNNVD	id:	CNNVD-201907-1489	date:	2019-07-29T00:00:00