ID

VAR-201508-0391


CVE

CVE-2015-3963


TITLE

Wind River VXWorks TCP Predictable vulnerability

Trust: 0.8

sources: IVD: 80541190-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03907

DESCRIPTION

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. VxWorks is an embedded real-time operating system (RTOS) developed by Wind River in the United States and widely used on ICS-related devices. Schneider Electric SAGE RTU is a series of industrial data communication equipment from Schneider Electric of France. The vulnerability exists in Wind River VxWorks as used in Schneider Electric SAGE RTU equipment before version J2. The following versions are affected: Wind River VxWorks before 5.5.1, 6.5.x, 6.6.x, 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0. An attacker can exploit this issue to gain access to sensitive information, cause a denial-of-service condition, and perform certain unauthorized actions; this may lead to further attacks.

Trust: 3.24

sources: NVD: CVE-2015-3963 // JVNDB: JVNDB-2015-004019 // CNVD: CNVD-2015-03907 // CNNVD: CNNVD-201507-324 // BID: 75302 // IVD: 80541190-2351-11e6-abef-000c29c66e3d // VULHUB: VHN-81924

IOT TAXONOMY

category: ['IoT', 'ICS'] | sub_category: -

Trust: 0.6

category: ['ICS'] | sub_category: -

Trust: 0.2

sources: IVD: 80541190-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03907

AFFECTED PRODUCTS

vendor: windriver | model: vxworks | scope: lt | version: 6.7.1.1

Trust: 1.0

vendor: windriver | model: vxworks | scope: lt | version: 6.9.4.4

Trust: 1.0

vendor: windriver | model: vxworks | scope: lt | version: 6.8.3

Trust: 1.0

vendor: windriver | model: vxworks | scope: gte | version: 6.5

Trust: 1.0

vendor: windriver | model: vxworks | scope: lte | version: 6.6

Trust: 1.0

vendor: windriver | model: vxworks | scope: eq | version: 6.6.4

Trust: 1.0

vendor: windriver | model: vxworks | scope: eq | version: 6.6.4.1

Trust: 1.0

vendor: windriver | model: vxworks | scope: eq | version: 7.0

Trust: 1.0

vendor: windriver | model: vxworks | scope: eq | version: 6.6.3

Trust: 1.0

vendor: windriver | model: vxworks | scope: gte | version: 6.9

Trust: 1.0

vendor: windriver | model: vxworks | scope: gte | version: 6.8

Trust: 1.0

vendor: windriver | model: vxworks | scope: gte | version: 6.7

Trust: 1.0

vendor: windriver | model: vxworks | scope: eq | version: 6.9

Trust: 0.9

vendor: windriver | model: vxworks | scope: eq | version: 6.8

Trust: 0.9

vendor: windriver | model: vxworks | scope: eq | version: 6.7

Trust: 0.9

vendor: windriver | model: vxworks | scope: eq | version: 6.6

Trust: 0.9

vendor: schneider electric | model: sage 1230 rtu | scope: - | version: -

Trust: 0.8

vendor: wind river | model: vxworks | scope: lt | version: 6.7.x

Trust: 0.8

vendor: schneider electric | model: sage 1350 rtu | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: sage 1410 rtu | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: sage 1330 rtu | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: sage 1310 rtu | scope: - | version: -

Trust: 0.8

vendor: wind river | model: vxworks | scope: eq | version: 6.9.4.4

Trust: 0.8

vendor: wind river | model: vxworks | scope: lt | version: 7.x

Trust: 0.8

vendor: schneider electric | model: sage 2400 rtu | scope: - | version: -

Trust: 0.8

vendor: wind river | model: vxworks | scope: lt | version: 6.9.x

Trust: 0.8

vendor: schneider electric | model: sage 1250 rtu | scope: - | version: -

Trust: 0.8

vendor: wind river | model: vxworks | scope: eq | version: 7 ipnet_coreip 1.2.2.0

Trust: 0.8

vendor: schneider electric | model: sage 1210 rtu | scope: - | version: -

Trust: 0.8

vendor: wind river | model: vxworks | scope: eq | version: 6.5.x from 6.7.1.1

Trust: 0.8

vendor: schneider electric | model: sage 3030 rtu | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: sage 1430 rtu | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: sage 2200 rtu | scope: - | version: -

Trust: 0.8

vendor: wind river | model: vxworks | scope: lt | version: 6.8.x

Trust: 0.8

vendor: schneider electric | model: sage 1450 rtu | scope: - | version: -

Trust: 0.8

vendor: schneider electric | model: sage 3030 magnum rtu | scope: - | version: -

Trust: 0.8

vendor: wind river | model: vxworks | scope: eq | version: 6.8.3

Trust: 0.8

vendor: wind | model: river systems vxworks | scope: eq | version: 6.x

Trust: 0.6

vendor: wind | model: river systems vxworks | scope: eq | version: 7.x

Trust: 0.6

vendor: windriver | model: vxworks | scope: eq | version: 6.9.4

Trust: 0.6

vendor: windriver | model: vxworks | scope: eq | version: 5.5

Trust: 0.6

vendor: windriver | model: vxworks | scope: eq | version: 6.5

Trust: 0.6

vendor: windriver | model: vxworks | scope: eq | version: 6.9.3

Trust: 0.6

vendor: xerox | model: phaser 3635mfp | scope: eq | version: 0

Trust: 0.3

vendor: windriver | model: vxworks | scope: eq | version: 7

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 30300

Trust: 0.3

vendor: schneider electric | model: sage magnum rtu | scope: eq | version: 30300

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 24000

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 22000

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 14500

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 14300

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 14100

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 13500

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 13300

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 13100

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 12500

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 12300

Trust: 0.3

vendor: schneider electric | model: sage rtu | scope: eq | version: 12100

Trust: 0.3

vendor: abb | model: rtu500 series | scope: eq | version: 11.3

Trust: 0.3

vendor: xerox | model: phaser 3635mfp | scope: ne | version: 20.105.54.000

Trust: 0.3

vendor: windriver | model: vxworks | scope: ne | version: 6.8.3

Trust: 0.3

vendor: windriver | model: vxworks | scope: ne | version: 5.5.1

Trust: 0.3

vendor: windriver | model: vxworks | scope: ne | version: 6.9.4.4

Trust: 0.3

vendor: windriver | model: vxworks | scope: ne | version: 6.7.1.1

Trust: 0.3

vendor: windriver | model: vxworks | scope: ne | version: 6.4

Trust: 0.3

vendor: windriver | model: vxworks | scope: ne | version: 6.0

Trust: 0.3

vendor: schneider electric | model: sage magnum rtu c3414-500-s02j2 | scope: ne | version: 3030

Trust: 0.3

vendor: schneider electric | model: sage rtu c3414-500-s02j2 | scope: ne | version: 2400

Trust: 0.3

vendor: schneider electric | model: sage rtu c3414-500-s02j2 | scope: ne | version: 1450

Trust: 0.3

vendor: schneider electric | model: sage rtu c3414-500-s02j2 | scope: ne | version: 1430

Trust: 0.3

vendor: schneider electric | model: sage rtu c3414-500-s02j2 | scope: ne | version: 1410

Trust: 0.3

vendor: abb | model: rtu500 series | scope: ne | version: 11.4.1

Trust: 0.3

vendor: vxworks | model: - | scope: eq | version: *

Trust: 0.2

vendor: vxworks | model: - | scope: eq | version: 6.5

Trust: 0.2

vendor: vxworks | model: - | scope: eq | version: 6.6

Trust: 0.2

vendor: vxworks | model: - | scope: eq | version: 6.7

Trust: 0.2

vendor: vxworks | model: - | scope: eq | version: 6.8

Trust: 0.2

vendor: vxworks | model: - | scope: eq | version: 6.9

Trust: 0.2

vendor: vxworks | model: - | scope: eq | version: 6.9.3

Trust: 0.2

vendor: vxworks | model: - | scope: eq | version: 6.9.4

Trust: 0.2

sources: IVD: 80541190-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03907 // BID: 75302 // JVNDB: JVNDB-2015-004019 // CNNVD: CNNVD-201507-324 // NVD: CVE-2015-3963

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3963
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-3963
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03907
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201507-324
value: MEDIUM

Trust: 0.6

IVD: 80541190-2351-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-81924
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-3963
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2015-3963
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-03907
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 80541190-2351-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-81924
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 80541190-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03907 // VULHUB: VHN-81924 // JVNDB: JVNDB-2015-004019 // CNNVD: CNNVD-201507-324 // NVD: CVE-2015-3963

PROBLEMTYPE DATA

problemtype:CWE-330

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-81924 // JVNDB: JVNDB-2015-004019 // NVD: CVE-2015-3963

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-324

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201507-324

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004019

PATCH

title: SAGE RTU VxWorks TCP Predictability | url: http://download.schneider-electric.com/files?p_Reference=SEVD-2015-162-01&p_EnDocType=Brochure&p_File_Id=868067338&p_File_Name=SEVD-2015-162-01.pdf

Trust: 0.8

title: SEVD-2015-162-01 | url: http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01

Trust: 0.8

title: Top Page | url: http://www.windriver.com/

Trust: 0.8

title: Wind River VXWorks TCP predictable vulnerability patch | url: https://www.cnvd.org.cn/patchInfo/show/59857

Trust: 0.6

title: Wind River VxWorks Repair measures for security bypass vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157616

Trust: 0.6

sources: CNVD: CNVD-2015-03907 // JVNDB: JVNDB-2015-004019 // CNNVD: CNNVD-201507-324

EXTERNAL IDS

db: NVD | id: CVE-2015-3963

Trust: 3.6

db: ICS CERT | id: ICSA-15-169-01

Trust: 3.4

db: BID | id: 75302

Trust: 2.6

db: SCHNEIDER | id: SEVD-2015-162-01

Trust: 1.7

db: SECTRACK | id: 1033181

Trust: 1.7

db: SECTRACK | id: 1032730

Trust: 1.7

db: ICS CERT | id: ICSA-15-169-01A

Trust: 1.7

db: CNVD | id: CNVD-2015-03907

Trust: 0.8

db: CNNVD | id: CNNVD-201507-324

Trust: 0.8

db: JVNDB | id: JVNDB-2015-004019

Trust: 0.8

db: IVD | id: 80541190-2351-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULHUB | id: VHN-81924

Trust: 0.1

sources: IVD: 80541190-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03907 // VULHUB: VHN-81924 // BID: 75302 // JVNDB: JVNDB-2015-004019 // CNNVD: CNNVD-201507-324 // NVD: CVE-2015-3963

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-15-169-01

Trust: 3.4

url:http://www.securityfocus.com/bid/75302

Trust: 1.7

url:http://www.schneider-electric.com/ww/en/download/document/sevd-2015-162-01

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20160324-0001/

Trust: 1.7

url:https://ics-cert.us-cert.gov/advisories/icsa-15-169-01a

Trust: 1.7

url:http://www.securitytracker.com/id/1032730

Trust: 1.7

url:http://www.securitytracker.com/id/1033181

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3963

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3963

Trust: 0.8

url:http://www.windriver.com/products/vxworks.html

Trust: 0.3

url:https://www.xerox.com/download/security/security-bulletin/1ddcb-5255ff0558bfd/cert_security_mini-_bulletin_xrx15aw_for_ph3635mfp_v1-0.pdf

Trust: 0.3

url:https://library.e.abb.com/public/03edbe8b0bed400a8b294347be5d66ab/abb_softwarevulnerabilityhandlingadvisory_abb-vu-pgga-1kgt090284.pdf

Trust: 0.3

sources: CNVD: CNVD-2015-03907 // VULHUB: VHN-81924 // BID: 75302 // JVNDB: JVNDB-2015-004019 // CNNVD: CNNVD-201507-324 // NVD: CVE-2015-3963

CREDITS

David Formby and San Shin Jung of Georgia Tech; Raheem Beyah

Trust: 0.6

sources: CNNVD: CNNVD-201507-324

SOURCES

db: IVD | id: 80541190-2351-11e6-abef-000c29c66e3d
db: CNVD | id: CNVD-2015-03907
db: VULHUB | id: VHN-81924
db: BID | id: 75302
db: JVNDB | id: JVNDB-2015-004019
db: CNNVD | id: CNNVD-201507-324
db: NVD | id: CVE-2015-3963

LAST UPDATE DATE

2024-11-23T19:31:04.528000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2015-03907 | date: 2015-06-24T00:00:00
db: VULHUB | id: VHN-81924 | date: 2017-11-10T00:00:00
db: BID | id: 75302 | date: 2016-10-26T05:09:00
db: JVNDB | id: JVNDB-2015-004019 | date: 2015-08-06T00:00:00
db: CNNVD | id: CNNVD-201507-324 | date: 2021-07-26T00:00:00
db: NVD | id: CVE-2015-3963 | date: 2024-11-21T02:30:09.507

SOURCES RELEASE DATE

db: IVD | id: 80541190-2351-11e6-abef-000c29c66e3d | date: 2015-06-24T00:00:00
db: CNVD | id: CNVD-2015-03907 | date: 2015-06-24T00:00:00
db: VULHUB | id: VHN-81924 | date: 2015-08-04T00:00:00
db: BID | id: 75302 | date: 2015-06-18T00:00:00
db: JVNDB | id: JVNDB-2015-004019 | date: 2015-08-06T00:00:00
db: CNNVD | id: CNNVD-201507-324 | date: 2015-06-18T00:00:00
db: NVD | id: CVE-2015-3963 | date: 2015-08-04T01:59:07.357