Wind River VxWorks prior to 5.5.1, 6.5.x up to and including 6.7.x prior to 6.7.1.1, 6.8.x prior to 6.8.3, 6.9.x prior to 6.9.4.4, and 7.x prior to 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote malicious users to spoof TCP sessions by predicting an ISN value.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
windriver vxworks |
||
windriver vxworks 6.6.3 |
||
windriver vxworks 6.6.4 |
||
windriver vxworks 6.6.4.1 |
||
windriver vxworks 7.0 |