ID

VAR-201908-0712


CVE

CVE-2019-12255


TITLE

Wind River Systems VxWorks Digital Error Vulnerability

Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700

DESCRIPTION

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. An attacker could exploit the vulnerability to execute code. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. The following products and versions are affected: Wind River Systems VxWorks Version 6.9, Version 6.8, Version 6.7, Version 6.6. A vulnerability in Wind River VxWorks could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or execute arbitrary code on a targeted system. A successful exploit could allow the malicious user to execute arbitrary code or cause a DoS condition on the targeted system

Trust: 2.52

sources: NVD: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // CNVD: CNVD-2019-25700 // IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // VULHUB: VHN-143983 // VULMON: CVE-2019-12255

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700

AFFECTED PRODUCTS

vendor:sonicosmodel: - scope:eqversion:*

Trust: 2.6

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.3.3

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.0.07

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.4.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.0.0

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:lteversion:8.40.50.00

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.3.0

Trust: 1.0

vendor:siemensmodel:ruggedcom win7025scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:windrivermodel:vxworksscope:ltversion:6.9.4

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.3.1

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.1.4

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:5.9.0.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:6.2.7.7

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.5.3

Trust: 1.0

vendor:siemensmodel:siprotec 5scope:eqversion:*

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:05.3.06

Trust: 1.0

vendor:siemensmodel:ruggedcom win7000scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.1.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.6.1

Trust: 1.0

vendor:siemensmodel:power meter 9810scope:eqversion:*

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.4.3

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.7.4

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.7.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:5.9.1.12

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.4.3

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:6.2.7.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:eqversion:6.2.7.1

Trust: 1.0

vendor:siemensmodel:ruggedcom win7018scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.2.3

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.5.01

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:5.9.1.0.

Trust: 1.0

vendor:siemensmodel:power meter 9410scope:ltversion:2.2.1

Trust: 1.0

vendor:windrivermodel:vxworksscope:gteversion:6.5

Trust: 1.0

vendor:beldenmodel:garrettcom magnum dx940escope:lteversion:1.0.1_y7

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope:gteversion:8.00

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.5.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.4.0.

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.6.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.0.0

Trust: 1.0

vendor:siemensmodel:ruggedcom win7200scope:ltversion:bs5.2.461.17

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.2.9.2

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:5.9.0.7

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.5.2.0

Trust: 1.0

vendor:siemensmodel:siprotec 5scope:ltversion:7.91

Trust: 1.0

vendor:beldenmodel:hirschmann hiosscope:lteversion:07.2.04

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:gteversion:6.2.9.0

Trust: 1.0

vendor:sonicwallmodel:sonicosscope:lteversion:6.5.0.3

Trust: 1.0

vendor:netappmodel:e-series santricity os controllerscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:siprotec 5scope: - version: -

Trust: 0.8

vendor:sonicwallmodel:sonicosscope: - version: -

Trust: 0.8

vendor:ウインドリバー株式会社model:vxworksscope: - version: -

Trust: 0.8

vendor:siprotec 5model: - scope:eqversion:*

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.9

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.8

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.7

Trust: 0.6

vendor:windmodel:river systems wind river systems vxworksscope:eqversion:6.6

Trust: 0.6

vendor:vxworksmodel: - scope:eqversion:*

Trust: 0.2

vendor:e series santricity os controllermodel: - scope:eqversion:*

Trust: 0.2

vendor:sonicosmodel: - scope:eqversion:6.2.7.1

Trust: 0.2

vendor:sonicosmodel: - scope:eqversion:6.2.7.7

Trust: 0.2

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700 // JVNDB: JVNDB-2019-007841 // NVD: CVE-2019-12255

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12255
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-12255
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-25700
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201907-1497
value: CRITICAL

Trust: 0.6

IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466
value: CRITICAL

Trust: 0.2

VULHUB: VHN-143983
value: HIGH

Trust: 0.1

VULMON: CVE-2019-12255
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-12255
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-25700
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-143983
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12255
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-12255
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700 // VULHUB: VHN-143983 // VULMON: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // CNNVD: CNNVD-201907-1497 // NVD: CVE-2019-12255

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-119

Trust: 0.1

sources: VULHUB: VHN-143983 // JVNDB: JVNDB-2019-007841 // NVD: CVE-2019-12255

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1497

TYPE

Buffer error

Trust: 0.8

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNNVD: CNNVD-201907-1497

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2019-12255

PATCH

title:Security Notices Siemens Siemens Security Advisoryurl:https://security.netapp.com/advisory/ntap-20190802-0001/

Trust: 0.8

title:Wind River Systems VxWorks Patch for Digital Error Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/172897

Trust: 0.6

title:Wind River Systems VxWorks Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95612

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/

Trust: 0.2

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=1f919286ef48798d96223ef4d2143337

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=2dd69ca01b84b80e09672fedb1c26f51

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=99fa839be73f2df819a67c27caa912f8

Trust: 0.1

title:Fortinet Security Advisories: Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)url:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-222

Trust: 0.1

title:Urgent11-Suricata-LUA-scriptsurl:https://github.com/sud0woodo/Urgent11-Suricata-LUA-scripts

Trust: 0.1

title:urgent11-pocurl:https://github.com/iweizime/urgent11-poc

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/over-100-000-medical-infusion-pumps-vulnerable-to-years-old-critical-bug/

Trust: 0.1

sources: CNVD: CNVD-2019-25700 // VULMON: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // CNNVD: CNNVD-201907-1497

EXTERNAL IDS

db:NVDid:CVE-2019-12255

Trust: 4.2

db:PACKETSTORMid:154022

Trust: 1.8

db:SIEMENSid:SSA-352504

Trust: 1.8

db:SIEMENSid:SSA-189842

Trust: 1.8

db:SIEMENSid:SSA-632562

Trust: 1.8

db:ICS CERTid:ICSA-19-274-01

Trust: 1.4

db:ICS CERTid:ICSA-19-211-01

Trust: 1.4

db:ICS CERTid:ICSMA-19-274-01

Trust: 1.4

db:CNNVDid:CNNVD-201907-1497

Trust: 0.9

db:ICS CERTid:ICSA-23-320-10

Trust: 0.9

db:CNVDid:CNVD-2019-25700

Trust: 0.8

db:JVNid:JVNVU92598492

Trust: 0.8

db:JVNid:JVNVU92467308

Trust: 0.8

db:JVNDBid:JVNDB-2019-007841

Trust: 0.8

db:EXPLOIT-DBid:47233

Trust: 0.7

db:AUSCERTid:ESB-2019.3695.5

Trust: 0.6

db:AUSCERTid:ESB-2019.2856

Trust: 0.6

db:IVDid:61D7170C-1DA5-4162-B6EC-A6C8DA8A0466

Trust: 0.2

db:VULHUBid:VHN-143983

Trust: 0.1

db:VULMONid:CVE-2019-12255

Trust: 0.1

sources: IVD: 61d7170c-1da5-4162-b6ec-a6c8da8a0466 // CNVD: CNVD-2019-25700 // VULHUB: VHN-143983 // VULMON: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // CNNVD: CNNVD-201907-1497 // NVD: CVE-2019-12255

REFERENCES

url:http://packetstormsecurity.com/files/154022/vxworks-6.8-integer-underflow.html

Trust: 2.4

url:https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12255

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-12255

Trust: 2.0

url:https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Trust: 1.8

url:https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

Trust: 1.8

url:https://psirt.global.sonicwall.com/vuln-detail/snwlid-2019-0009

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20190802-0001/

Trust: 1.8

url:https://support.f5.com/csp/article/k41190253

Trust: 1.8

url:https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Trust: 1.8

url:https://support2.windriver.com/index.php?page=security-notices

Trust: 1.8

url:https://www.us-cert.gov/ics/advisories/icsa-19-274-01

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsma-19-274-01

Trust: 1.4

url:https://www.us-cert.gov/ics/advisories/icsa-19-211-01

Trust: 1.4

url:https://support.f5.com/csp/article/k41190253?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.1

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10

Trust: 0.9

url:https://jvn.jp/vu/jvnvu92467308/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu92598492/

Trust: 0.8

url:https://www.exploit-db.com/exploits/47233

Trust: 0.7

url:https://support.f5.com/csp/article/k41190253?utm_source=f5support&utm_medium=rss

Trust: 0.6

url:https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf

Trust: 0.6

url:https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3695.5/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2856/

Trust: 0.6

url:https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905

Trust: 0.6

url:https://support.f5.com/csp/article/k41190253?utm_source=f5support&utm_medium=rss

Trust: 0.1

url:https://support2.windriver.com/index.php?page=cve&on=view&id=cve-2019-12255

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/120.html

Trust: 0.1

url:http://tools.cisco.com/security/center/viewalert.x?alertid=60681

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/sud0woodo/urgent11-suricata-lua-scripts

Trust: 0.1

sources: CNVD: CNVD-2019-25700 // VULHUB: VHN-143983 // VULMON: CVE-2019-12255 // JVNDB: JVNDB-2019-007841 // CNNVD: CNNVD-201907-1497 // NVD: CVE-2019-12255

CREDITS

Zhou Yu

Trust: 0.6

sources: CNNVD: CNNVD-201907-1497

SOURCES

db:IVDid:61d7170c-1da5-4162-b6ec-a6c8da8a0466
db:CNVDid:CNVD-2019-25700
db:VULHUBid:VHN-143983
db:VULMONid:CVE-2019-12255
db:JVNDBid:JVNDB-2019-007841
db:CNNVDid:CNNVD-201907-1497
db:NVDid:CVE-2019-12255

LAST UPDATE DATE

2024-08-14T12:21:38.327000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-25700date:2019-08-02T00:00:00
db:VULHUBid:VHN-143983date:2019-10-02T00:00:00
db:VULMONid:CVE-2019-12255date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2019-007841date:2023-11-21T01:10:00
db:CNNVDid:CNNVD-201907-1497date:2022-03-10T00:00:00
db:NVDid:CVE-2019-12255date:2023-11-07T03:03:30.400

SOURCES RELEASE DATE

db:IVDid:61d7170c-1da5-4162-b6ec-a6c8da8a0466date:2019-08-02T00:00:00
db:CNVDid:CNVD-2019-25700date:2019-08-02T00:00:00
db:VULHUBid:VHN-143983date:2019-08-09T00:00:00
db:VULMONid:CVE-2019-12255date:2019-08-09T00:00:00
db:JVNDBid:JVNDB-2019-007841date:2019-08-21T00:00:00
db:CNNVDid:CNNVD-201907-1497date:2019-07-29T00:00:00
db:NVDid:CVE-2019-12255date:2019-08-09T20:15:11.347