ID

VAR-201908-0704


CVE

CVE-2019-12263


TITLE

Wind River VxWorks  Buffer error vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-007851

DESCRIPTION

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. Wind River VxWorks Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. The vulnerability stems from the improper handling of concurrent access when the network system or product is running and concurrent code needs to access shared resources mutually exclusive. There are currently no detailed details of the vulnerability provided. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Wind River Systems VxWorks Version 7, Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in Wind River VxWorks could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the targeted system. A successful exploit could cause an Urgent Pointer state confusion, which could allow the malicious user to execute arbitrary code or cause a DoS condition on the targeted system

Trust: 2.52

sources: NVD: CVE-2019-12263 // JVNDB: JVNDB-2019-007851 // CNVD: CNVD-2019-25708 // IVD: 105f43dd-e73e-463b-843e-0f65bbf82737 // VULHUB: VHN-143992 // VULMON: CVE-2019-12263

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 105f43dd-e73e-463b-843e-0f65bbf82737 // CNVD: CNVD-2019-25708

AFFECTED PRODUCTS

vendor:sonicosmodel: - scope:eqversion:*

Trust: 2.4

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.3.3

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.0.07

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.4.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.0.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:8.40.50.00

Trust: 1.0

vendor:windrivermodel:vxworksscope:eqversion:7.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.3.0

Trust: 1.0

vendor:siemensmodel:ruggedcom win7025scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.3.1

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.1.4

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:5.9.0.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:6.2.7.7

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.5.3

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:05.3.06

Trust: 1.0

vendor:siemensmodel:ruggedcom win7000scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.1.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.6.1

Trust: 1.0

vendor:siemensmodel:power meter 9810scope:eqversion:*

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.4.3

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.7.4

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.7.0

Trust: 1.0

vendor:siemensmodel:siprotec 5scope:ltversion:7.59

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:5.9.1.12

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.4.3

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:6.2.7.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:6.2.7.1

Trust: 1.0

vendor:siemensmodel:ruggedcom win7018scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.2.3

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.5.01

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:5.9.1.0.

Trust: 1.0

vendor:siemensmodel:power meter 9410scope:ltversion:2.2.1

Trust: 1.0

vendor:windrivermodel:vxworksscope:gteversion:6.5

Trust: 1.0

vendor:beldenmodel:garrettcom magnum dx940escope:lteversion:1.0.1_y7

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:8.00

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.5.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.4.0.

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.6.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.0.0

Trust: 1.0

vendor:siemensmodel:ruggedcom win7200scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.9.2

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:5.9.0.7

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.2.0

Trust: 1.0

vendor:siemensmodel:siprotec 5scope:ltversion:7.91

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.2.04

Trust: 1.0

vendor:windrivermodel:vxworksscope:ltversion:6.9.4.12

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.9.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.0.3

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sonicosscope: - version: -

Trust: 0.8

vendor:ウインドリバー株式会社model:vxworksscope: - version: -

Trust: 0.8

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.9

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.8

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.7

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.6

Trust: 0.6

vendor:siprotec 5model: - scope:eqversion:*

Trust: 0.4

vendor:vxworksmodel: - scope:eqversion:6.9.4

Trust: 0.2

vendor:vxworksmodel: - scope:eqversion:7

Trust: 0.2

vendor:e series santricity os controllermodel: - scope:eqversion:*

Trust: 0.2

vendor:sonicosmodel: - scope:eqversion:6.2.7.0

Trust: 0.2

vendor:sonicosmodel: - scope:eqversion:6.2.7.1

Trust: 0.2

vendor:sonicosmodel: - scope:eqversion:6.2.7.7

Trust: 0.2

sources: IVD: 105f43dd-e73e-463b-843e-0f65bbf82737 // CNVD: CNVD-2019-25708 // JVNDB: JVNDB-2019-007851 // NVD: CVE-2019-12263

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12263
value: HIGH

Trust: 1.0

NVD: CVE-2019-12263
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-25708
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-1493
value: HIGH

Trust: 0.6

IVD: 105f43dd-e73e-463b-843e-0f65bbf82737
value: HIGH

Trust: 0.2

VULHUB: VHN-143992
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-12263
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12263
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-25708
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 105f43dd-e73e-463b-843e-0f65bbf82737
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-143992
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12263
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-12263
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 105f43dd-e73e-463b-843e-0f65bbf82737 // CNVD: CNVD-2019-25708 // VULHUB: VHN-143992 // VULMON: CVE-2019-12263 // JVNDB: JVNDB-2019-007851 // CNNVD: CNNVD-201907-1493 // NVD: CVE-2019-12263

PROBLEMTYPE DATA

problemtype:CWE-362

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-143992 // JVNDB: JVNDB-2019-007851 // NVD: CVE-2019-12263

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1493

TYPE

Buffer error

Trust: 0.8

sources: IVD: 105f43dd-e73e-463b-843e-0f65bbf82737 // CNNVD: CNNVD-201907-1493

PATCH

title:Security Notices Siemens Siemens Security Advisoryurl:https://security.netapp.com/advisory/ntap-20190802-0001/

Trust: 0.8

title:Patch for Wind River Systems VxWorks Competition Conditional Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/172961

Trust: 0.6

title:Wind River Systems VxWorks Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95608

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/

Trust: 0.2

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1f919286ef48798d96223ef4d2143337

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2dd69ca01b84b80e09672fedb1c26f51

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=99fa839be73f2df819a67c27caa912f8

Trust: 0.1

title:Fortinet Security Advisories: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)url:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-222

Trust: 0.1

title:urgent11-pocurl:https://github.com/iweizime/urgent11-poc

Trust: 0.1

sources: CNVD: CNVD-2019-25708 // VULMON: CVE-2019-12263 // JVNDB: JVNDB-2019-007851 // CNNVD: CNNVD-201907-1493

EXTERNAL IDS

db:NVDid:CVE-2019-12263

Trust: 4.2

db:SIEMENSid:SSA-352504

Trust: 1.8

db:SIEMENSid:SSA-189842

Trust: 1.8

db:SIEMENSid:SSA-632562

Trust: 1.8

db:ICS CERTid:ICSA-19-274-01

Trust: 1.4

db:ICS CERTid:ICSA-19-211-01

Trust: 1.4

db:ICS CERTid:ICSMA-19-274-01

Trust: 1.4

db:CNNVDid:CNNVD-201907-1493

Trust: 0.9

db:ICS CERTid:ICSA-23-320-10

Trust: 0.9

db:CNVDid:CNVD-2019-25708

Trust: 0.8

db:JVNid:JVNVU92598492

Trust: 0.8

db:JVNid:JVNVU92467308

Trust: 0.8

db:JVNDBid:JVNDB-2019-007851

Trust: 0.8

db:AUSCERTid:ESB-2019.3695.5

Trust: 0.6

db:AUSCERTid:ASB-2019.0224

Trust: 0.6

db:AUSCERTid:ESB-2019.3245

Trust: 0.6

db:AUSCERTid:ESB-2019.2856

Trust: 0.6

db:IVDid:105F43DD-E73E-463B-843E-0F65BBF82737

Trust: 0.2

db:VULHUBid:VHN-143992

Trust: 0.1

db:VULMONid:CVE-2019-12263

Trust: 0.1

sources: IVD: 105f43dd-e73e-463b-843e-0f65bbf82737 // CNVD: CNVD-2019-25708 // VULHUB: VHN-143992 // VULMON: CVE-2019-12263 // JVNDB: JVNDB-2019-007851 // CNNVD: CNNVD-201907-1493 // NVD: CVE-2019-12263

REFERENCES

url:https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12263

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-12263

Trust: 2.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Trust: 1.8

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0009

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190802-0001/

Trust: 1.8

url:https://support.f5.com/csp/article/k41190253

Trust: 1.8

url:https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Trust: 1.8

url:https://support2.windriver.com/index.php?page=security-notices

Trust: 1.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-274-01

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsma-19-274-01

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-211-01

Trust: 1.4

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10

Trust: 0.9

url:https://jvn.jp/vu/jvnvu92467308/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92598492/index.html

Trust: 0.8

url:https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf

Trust: 0.6

url:https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks

Trust: 0.6

url:https://fortiguard.com/psirt/fg-ir-19-222

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3695.5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2856/

Trust: 0.6

url:https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905

Trust: 0.6

url:https://www.auscert.org.au/bulletins/asb-2019.0224/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3245/

Trust: 0.6

url:https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12263

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/362.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=60684

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/iweizime/urgent11-poc

Trust: 0.1

sources: CNVD: CNVD-2019-25708 // VULHUB: VHN-143992 // VULMON: CVE-2019-12263 // JVNDB: JVNDB-2019-007851 // CNNVD: CNNVD-201907-1493 // NVD: CVE-2019-12263

SOURCES

db:IVDid:105f43dd-e73e-463b-843e-0f65bbf82737
db:CNVDid:CNVD-2019-25708
db:VULHUBid:VHN-143992
db:VULMONid:CVE-2019-12263
db:JVNDBid:JVNDB-2019-007851
db:CNNVDid:CNNVD-201907-1493
db:NVDid:CVE-2019-12263

LAST UPDATE DATE

2024-08-14T12:54:48.549000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-25708date:2019-08-02T00:00:00
db:VULHUBid:VHN-143992date:2019-09-10T00:00:00
db:VULMONid:CVE-2019-12263date:2022-08-12T00:00:00
db:JVNDBid:JVNDB-2019-007851date:2023-11-21T01:23:00
db:CNNVDid:CNNVD-201907-1493date:2022-03-10T00:00:00
db:NVDid:CVE-2019-12263date:2022-08-12T18:44:49.107

SOURCES RELEASE DATE

db:IVDid:105f43dd-e73e-463b-843e-0f65bbf82737date:2019-08-02T00:00:00
db:CNVDid:CNVD-2019-25708date:2019-08-02T00:00:00
db:VULHUBid:VHN-143992date:2019-08-09T00:00:00
db:VULMONid:CVE-2019-12263date:2019-08-09T00:00:00
db:JVNDBid:JVNDB-2019-007851date:2019-08-21T00:00:00
db:CNNVDid:CNNVD-201907-1493date:2019-07-29T00:00:00
db:NVDid:CVE-2019-12263date:2019-08-09T19:15:11.233