Details of VAR-201908-0712

ID

VAR-201908-0712

CVE

CVE-2019-12255

TITLE

Wind River Systems VxWorks Digital Error Vulnerability

Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700

DESCRIPTION

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. An attacker could exploit the vulnerability to execute code. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Wind River Systems VxWorks Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in Wind River VxWorks could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system. A successful exploit could allow the malicious user to execute arbitrary code or cause a DoS condition on the targeted system

Trust: 2.52

sources: NVD: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // CNVD: CNVD-2019-25700 // IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // VULHUB: VHN-143983 // VULMON: CVE-2019-12255

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700

AFFECTED PRODUCTS

vendor:	sonicos	model:	-	scope:	eq	version:	*	Trust: 2.6
vendor:	windriver	model:	vxworks	scope:	lt	version:	6.9.4	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.5.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.6.1	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.0.0	Trust: 1.0
vendor:	siemens	model:	siprotec 5	scope:	eq	version:	*	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	5.9.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.4.0.	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	gte	version:	8.00	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.0	Trust: 1.0
vendor:	siemens	model:	power meter 9410	scope:	lt	version:	2.2.1	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7025	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.2.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	5.9.1.0.	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7200	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.1	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.3.1	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.2.04	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.1.4	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	eq	version:	6.2.7.7	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.0.07	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.5.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	5.9.1.12	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.9.2	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	gte	version:	6.5	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.0.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.6.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.4.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.4.3	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7000	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	siemens	model:	power meter 9810	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	siprotec 5	scope:	lt	version:	7.91	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.2.7.4	Trust: 1.0
vendor:	belden	model:	garrettcom magnum dx940e	scope:	lte	version:	1.0.1_y7	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	lte	version:	8.40.50.00	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.1.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.9.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	5.9.0.7	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	07.5.01	Trust: 1.0
vendor:	siemens	model:	ruggedcom win7018	scope:	lt	version:	bs5.2.461.17	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.3.0	Trust: 1.0
vendor:	belden	model:	hirschmann hios	scope:	lte	version:	05.3.06	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.0.3	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.5.2.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.4.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	gte	version:	6.2.7.0	Trust: 1.0
vendor:	sonicwall	model:	sonicos	scope:	lte	version:	6.5.3.3	Trust: 1.0
vendor:	netapp	model:	e-series santricity os controller	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	siprotec 5	scope:	-	version:	-	Trust: 0.8
vendor:	sonicwall	model:	sonicos	scope:	-	version:	-	Trust: 0.8
vendor:	ウインドリバー株式会社	model:	vxworks	scope:	-	version:	-	Trust: 0.8
vendor:	siprotec 5	model:	-	scope:	eq	version:	*	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.9	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.8	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.7	Trust: 0.6
vendor:	wind	model:	river systems wind river systems vxworks	scope:	eq	version:	6.6	Trust: 0.6
vendor:	vxworks	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	e series santricity os controller	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.1	Trust: 0.2
vendor:	sonicos	model:	-	scope:	eq	version:	6.2.7.7	Trust: 0.2

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700 // JVNDB: JVNDB-2019-007841 // NVD: CVE-2019-12255

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2019-12255
value:	CRITICAL
Trust: 1.8
CNVD:	CNVD-2019-25700
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201907-1497
value:	CRITICAL
Trust: 0.6
IVD:	61d7170c-1da5-4162-b6ec-a6c8da8a0466
value:	CRITICAL
Trust: 0.2
VULHUB:	VHN-143983
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-12255
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2019-12255
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9
CNVD:	CNVD-2019-25700
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	61d7170c-1da5-4162-b6ec-a6c8da8a0466
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-143983
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-12255
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700 // VULHUB: VHN-143983 // VULMON: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // NVD: CVE-2019-12255 // CNNVD: CNNVD-201907-1497

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	Buffer error (CWE-119) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-119	Trust: 0.1

sources: VULHUB: VHN-143983 // JVNDB: JVNDB-2019-007841 // NVD: CVE-2019-12255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1497

TYPE

Buffer error

Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNNVD: CNNVD-201907-1497

CONFIGURATIONS

sources: NVD: CVE-2019-12255

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-12255

PATCH

title:	Security Notices Siemens Siemens Security Advisory	url:	https://security.netapp.com/advisory/ntap-20190802-0001/	Trust: 0.8
title:	Wind River Systems VxWorks Patch for Digital Error Vulnerabilities	url:	https://www.cnvd.org.cn/patchinfo/show/172897	Trust: 0.6
title:	Wind River Systems VxWorks Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95612	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/	Trust: 0.2
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1f919286ef48798d96223ef4d2143337	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2dd69ca01b84b80e09672fedb1c26f51	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=99fa839be73f2df819a67c27caa912f8	Trust: 0.1
title:	Fortinet Security Advisories: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)	url:	https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=fg-ir-19-222	Trust: 0.1
title:	Urgent11-Suricata-LUA-scripts	url:	https://github.com/sud0woodo/urgent11-suricata-lua-scripts	Trust: 0.1
title:	urgent11-poc	url:	https://github.com/iweizime/urgent11-poc	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000s/poc-in-github	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/poc-in-github	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xt11/cve-poc	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/poc-in-github	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/over-100-000-medical-infusion-pumps-vulnerable-to-years-old-critical-bug/	Trust: 0.1

sources: CNVD: CNVD-2019-25700 // VULMON: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // CNNVD: CNNVD-201907-1497

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12255	Trust: 4.2
db:	PACKETSTORM	id:	154022	Trust: 1.8
db:	SIEMENS	id:	SSA-352504	Trust: 1.8
db:	SIEMENS	id:	SSA-189842	Trust: 1.8
db:	SIEMENS	id:	SSA-632562	Trust: 1.8
db:	ICS CERT	id:	ICSA-19-274-01	Trust: 1.4
db:	ICS CERT	id:	ICSA-19-211-01	Trust: 1.4
db:	ICS CERT	id:	ICSMA-19-274-01	Trust: 1.4
db:	CNNVD	id:	CNNVD-201907-1497	Trust: 0.9
db:	ICS CERT	id:	ICSA-23-320-10	Trust: 0.9
db:	CNVD	id:	CNVD-2019-25700	Trust: 0.8
db:	JVN	id:	JVNVU92598492	Trust: 0.8
db:	JVN	id:	JVNVU92467308	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-007841	Trust: 0.8
db:	EXPLOIT-DB	id:	47233	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3695.5	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2856	Trust: 0.6
db:	IVD	id:	61D7170C-1DA5-4162-B6EC-A6C8DA8A0466	Trust: 0.2
db:	VULHUB	id:	VHN-143983	Trust: 0.1
db:	VULMON	id:	CVE-2019-12255	Trust: 0.1

REFERENCES

url:	http://packetstormsecurity.com/files/154022/vxworks-6.8-integer-underflow.html	Trust: 2.4
url:	https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12255	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12255	Trust: 2.0
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf	Trust: 1.8
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	Trust: 1.8
url:	https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0009	Trust: 1.8
url:	https://security.netapp.com/advisory/ntap-20190802-0001/	Trust: 1.8
url:	https://support.f5.com/csp/article/k41190253	Trust: 1.8
url:	https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	Trust: 1.8
url:	https://support2.windriver.com/index.php?page=security-notices	Trust: 1.8
url:	https://www.us-cert.gov/ics/advisories/icsa-19-274-01	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsma-19-274-01	Trust: 1.4
url:	https://www.us-cert.gov/ics/advisories/icsa-19-211-01	Trust: 1.4
url:	https://support.f5.com/csp/article/k41190253?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.1
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu92467308/	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu92598492/	Trust: 0.8
url:	https://www.exploit-db.com/exploits/47233	Trust: 0.7
url:	https://support.f5.com/csp/article/k41190253?utm_source=f5support&utm_medium=rss	Trust: 0.6
url:	https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf	Trust: 0.6
url:	https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.3695.5/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2856/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905	Trust: 0.6
url:	https://support.f5.com/csp/article/k41190253?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12255	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/120.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=60681	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/sud0woodo/urgent11-suricata-lua-scripts	Trust: 0.1

sources: CNVD: CNVD-2019-25700 // VULHUB: VHN-143983 // VULMON: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // NVD: CVE-2019-12255 // CNNVD: CNNVD-201907-1497

CREDITS

Zhou Yu

Trust: 0.6

sources: CNNVD: CNNVD-201907-1497

SOURCES

db:	IVD	id:	61d7170c-1da5-4162-b6ec-a6c8da8a0466
db:	CNVD	id:	CNVD-2019-25700
db:	VULHUB	id:	VHN-143983
db:	VULMON	id:	CVE-2019-12255
db:	JVNDB	id:	JVNDB-2019-007841
db:	NVD	id:	CVE-2019-12255
db:	CNNVD	id:	CNNVD-201907-1497

LAST UPDATE DATE

2023-12-18T11:41:27.169000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-25700	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-143983	date:	2019-10-02T00:00:00
db:	VULMON	id:	CVE-2019-12255	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-007841	date:	2023-11-21T01:10:00
db:	NVD	id:	CVE-2019-12255	date:	2023-11-07T03:03:30.400
db:	CNNVD	id:	CNNVD-201907-1497	date:	2022-03-10T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	61d7170c-1da5-4162-b6ec-a6c8da8a0466	date:	2019-08-02T00:00:00
db:	CNVD	id:	CNVD-2019-25700	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-143983	date:	2019-08-09T00:00:00
db:	VULMON	id:	CVE-2019-12255	date:	2019-08-09T00:00:00
db:	JVNDB	id:	JVNDB-2019-007841	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2019-12255	date:	2019-08-09T20:15:11.347
db:	CNNVD	id:	CNNVD-201907-1497	date:	2019-07-29T00:00:00