Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2019-12256

Published: 09/08/2019 Updated: 16/08/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Vxworks

Vulnerability Summary

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

windriver vxworks

netapp e-series santricity os controller

sonicwall sonicos

sonicwall sonicos 6.2.7.1

sonicwall sonicos 6.2.7.7

sonicwall sonicos 6.2.7.0

siemens siprotec_5_firmware

siemens power_meter_9410_firmware

siemens power_meter_9810_firmware

siemens ruggedcom_win7000_firmware

siemens ruggedcom_win7018_firmware

siemens ruggedcom_win7025_firmware

siemens ruggedcom_win7200_firmware

belden hirschmann_hios

belden garrettcom_magnum_dx940e_firmware

ICS Advisories

https://ics-cert.us-cert.gov/advisories/5680a4f01b22d6b8ba7e564ef42d6eb4
Critical Infrastructure Sectors: Critical Manufacturing

Github Repositories

https://github.com/sud0woodo/Urgent11-Suricata-LUA-scripts

Suricata LUA scripts to detect CVE-2019-12255, CVE-2019-12256, CVE-2019-12258, and CVE-2019-12260

Urgent11-Suricata-LUA-scripts Suricata LUA scripts to detect CVE-2019-12255, CVE-2019-12256, CVE-2019-12258, and CVE-2019-12260 CVE-2019-12255 The script checks for CVE-2019-12255, the packet that is checked needs to have the PSH, ACK, and URG flags set, and have a payload size that exceeds 1500 bytes It then checks if the value of the urgent pointer is set to 0, this will cau

Recent Articles

Oh sh*t's, 11: VxWorks stars in today's security thriller – hijack bugs discovered in countless gadgets' network code
The Register • Shaun Nichols in San Francisco • 29 Jul 2019

Equipment in hospitals, factories, offices, etc potentially vulnerable to attack Intel flogs off Wind River after it failed to deliver mobile supremacy NASA rover coders at Intel's Wind River biz axed – sources

Wind River has patched 11 security vulnerabilities in VxWorks that can be potentially exploited over networks or the internet to commandeer all sorts of equipment dotted around the planet. This real-time operating system powers car electronics, factory robots and controllers, aircraft and spacecraft, wireless routers, medical equipment, digital displays, and plenty of other stuff – so if you deploy a vulnerable version of VxWorks, and it is network or internet-connected, you definitely want to...

Read more...

References

CWE-120https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdfhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12256https://support2.windriver.com/index.php?page=security-noticeshttps://security.netapp.com/advisory/ntap-20190802-0001/https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/https://support.f5.com/csp/article/K41190253https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdfhttps://nvd.nist.govhttps://github.com/sud0woodo/Urgent11-Suricata-LUA-scriptshttps://www.theregister.co.uk/2019/07/29/wind_river_patches_vxworks/https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook