Details of VAR-202103-0365

ID

VAR-202103-0365

CVE

CVE-2016-20009

TITLE

Wind River VxWorks Out-of-bounds Vulnerability in Microsoft

Trust: 0.8

sources: JVNDB: JVNDB-2016-009699

DESCRIPTION

A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Wind River VxWorks Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Wind River VxWorks is an operating system of Wind River Company in the United States. The industry-leading real-time operating system for building embedded devices and systems. Remote attackers can use this vulnerability to submit special requests, causing the application to crash or execute arbitrary code in the application context

Trust: 2.25

sources: NVD: CVE-2016-20009 // JVNDB: JVNDB-2016-009699 // CNVD: CNVD-2021-29083 // VULMON: CVE-2016-20009

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-29083

AFFECTED PRODUCTS

vendor:	siemens	model:	sgt-300	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sgt-a65	scope:	eq	version:	*	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	gte	version:	6.5	Trust: 1.0
vendor:	siemens	model:	sgt-100	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sgt-200	scope:	eq	version:	*	Trust: 1.0
vendor:	windriver	model:	vxworks	scope:	lte	version:	7.0	Trust: 1.0
vendor:	siemens	model:	sgt-a35	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sgt-a20	scope:	eq	version:	*	Trust: 1.0
vendor:	siemens	model:	sgt-400	scope:	eq	version:	*	Trust: 1.0
vendor:	ウインドリバー株式会社	model:	vxworks	scope:	eq	version:	6.5 to 7	Trust: 0.8
vendor:	ウインドリバー株式会社	model:	vxworks	scope:	eq	version:	-	Trust: 0.8
vendor:	wind	model:	river vxworks	scope:	gte	version:	6.5,<=7	Trust: 0.6

sources: CNVD: CNVD-2021-29083 // JVNDB: JVNDB-2016-009699 // NVD: CVE-2016-20009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-20009
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-20009
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-29083
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202103-841
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2016-20009
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-20009
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-29083
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-20009
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2016-20009
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-29083 // VULMON: CVE-2016-20009 // JVNDB: JVNDB-2016-009699 // CNNVD: CNNVD-202103-841 // NVD: CVE-2016-20009

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2016-009699 // NVD: CVE-2016-20009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-841

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202103-841

PATCH

title:	Top Page	url:	https://www.windriver.com/	Trust: 0.8
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=3f7c93868d7099e31ef639cbd5d52b75	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/	Trust: 0.1

sources: VULMON: CVE-2016-20009 // JVNDB: JVNDB-2016-009699

EXTERNAL IDS

db:	NVD	id:	CVE-2016-20009	Trust: 3.1
db:	SIEMENS	id:	SSA-553445	Trust: 1.7
db:	JVN	id:	JVNVU99791395	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-009699	Trust: 0.8
db:	CNVD	id:	CNVD-2021-29083	Trust: 0.6
db:	ICS CERT	id:	ICSA-21-222-06	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2712	Trust: 0.6
db:	CNNVD	id:	CNNVD-202103-841	Trust: 0.6
db:	VULMON	id:	CVE-2016-20009	Trust: 0.1

sources: CNVD: CNVD-2021-29083 // VULMON: CVE-2016-20009 // JVNDB: JVNDB-2016-009699 // CNNVD: CNNVD-202103-841 // NVD: CVE-2016-20009

REFERENCES

url:	https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/	Trust: 3.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf	Trust: 1.6
url:	https://jvn.jp/vu/jvnvu99791395/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-20009	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.2712	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-222-06	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/	Trust: 0.1
url:	https://cert-portal.siemens.com/productcert/txt/ssa-553445.txt	Trust: 0.1

sources: CNVD: CNVD-2021-29083 // VULMON: CVE-2016-20009 // JVNDB: JVNDB-2016-009699 // CNNVD: CNNVD-202103-841 // NVD: CVE-2016-20009

CREDITS

Siemens reported to CISA that these products are affected by this vulnerability when using some third-party components.

Trust: 0.6

sources: CNNVD: CNNVD-202103-841

SOURCES

db:	CNVD	id:	CNVD-2021-29083
db:	VULMON	id:	CVE-2016-20009
db:	JVNDB	id:	JVNDB-2016-009699
db:	CNNVD	id:	CNNVD-202103-841
db:	NVD	id:	CVE-2016-20009

LAST UPDATE DATE

2024-08-14T12:34:26.258000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-29083	date:	2021-04-18T00:00:00
db:	VULMON	id:	CVE-2016-20009	date:	2021-08-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-009699	date:	2021-11-24T06:53:00
db:	CNNVD	id:	CNNVD-202103-841	date:	2022-04-06T00:00:00
db:	NVD	id:	CVE-2016-20009	date:	2024-08-06T04:16:42.910

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-29083	date:	2021-04-18T00:00:00
db:	VULMON	id:	CVE-2016-20009	date:	2021-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-009699	date:	2021-11-24T00:00:00
db:	CNNVD	id:	CNNVD-202103-841	date:	2021-03-11T00:00:00
db:	NVD	id:	CVE-2016-20009	date:	2021-03-11T22:15:12.120