CVE-2019-12263 - OpenCVE

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Belden	Garrettcom Magnum Dx940e Garrettcom Magnum Dx940e Firmware Hirschmann Dragon Mach4000 Hirschmann Dragon Mach4500 Hirschmann Eagle20 Hirschmann Eagle30 Hirschmann Eagle One Hirschmann Ees20 Hirschmann Ees25 Hirschmann Eesx20 Hirschmann Eesx30 Hirschmann Grs1020 Hirschmann Grs1030 Hirschmann Grs1042 Hirschmann Grs1120 Hirschmann Grs1130 Hirschmann Grs1142 Hirschmann Hios Hirschmann Msp30 Hirschmann Msp32 Hirschmann Msp40 Hirschmann Octopus Os3 Hirschmann Rail Switch Power Lite Hirschmann Rail Switch Power Smart Hirschmann Red25 Hirschmann Rsp20 Hirschmann Rsp25 Hirschmann Rsp30 Hirschmann Rsp35 Hirschmann Rspe30 Hirschmann Rspe32 Hirschmann Rspe35 Hirschmann Rspe37
Netapp	E-series Santricity Os Controller
Siemens	Power Meter 9410 Power Meter 9410 Firmware Power Meter 9810 Power Meter 9810 Firmware Ruggedcom Win7000 Ruggedcom Win7000 Firmware Ruggedcom Win7018 Ruggedcom Win7018 Firmware Ruggedcom Win7025 Ruggedcom Win7025 Firmware Ruggedcom Win7200 Ruggedcom Win7200 Firmware Siprotec 5 Siprotec 5 Firmware
Sonicwall	Sonicos
Windriver	Vxworks

Configuration 1 [-]

OR	cpe:2.3:o:windriver:vxworks::::::::
	cpe:2.3:o:windriver:vxworks:7.0:-::::::

Configuration 2 [-]

OR	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos::::::::
	cpe:2.3:o:sonicwall:sonicos:6.2.7.0:::::::*
	cpe:2.3:o:sonicwall:sonicos:6.2.7.1:::::::*
	cpe:2.3:o:sonicwall:sonicos:6.2.7.7:::::::*

Configuration 3 [-]

AND

cpe:2.3:h:siemens:siprotec_5:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp200

Configuration 4 [-]

cpe:2.3:o:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:siemens:siprotec_5:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp300

Configuration 6 [-]

AND

cpe:2.3:h:siemens:power_meter_9410:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:power_meter_9410_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:siemens:power_meter_9810:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:power_meter_9810_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:*

cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_ees20:-:::::::*
	cpe:2.3:h:belden:hirschmann_ees25:-:::::::*
	cpe:2.3:h:belden:hirschmann_eesx20:-:::::::*
	cpe:2.3:h:belden:hirschmann_eesx30:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1020:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1030:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1042:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1120:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1130:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1142:-:::::::*
	cpe:2.3:h:belden:hirschmann_msp30:-:::::::*
	cpe:2.3:h:belden:hirschmann_msp32:-:::::::*
	cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:::::::*
	cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:::::::*
	cpe:2.3:h:belden:hirschmann_red25:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp20:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp25:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp30:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp35:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe30:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe32:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe35:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe37:-:::::::*

Configuration 13 [-]

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_msp40:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os3:-:::::::*

Configuration 14 [-]

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_dragon_mach4000:-:::::::*
	cpe:2.3:h:belden:hirschmann_dragon_mach4500:-:::::::*

Configuration 15 [-]

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_eagle_one:-:::::::*
	cpe:2.3:h:belden:hirschmann_eagle20:-:::::::*
	cpe:2.3:h:belden:hirschmann_eagle30:-:::::::*

Configuration 16 [-]

AND

cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:belden:garrettcom_magnum_dx940e:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
https://security.netapp.com/advisory/ntap-20190802-0001/
https://support.f5.com/csp/article/K41190253
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263
https://support2.windriver.com/index.php?page=security-notices
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-09T18:10:00

Updated: 2024-08-04T23:17:39.559Z

Reserved: 2019-05-21T00:00:00

Link: CVE-2019-12263

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-08-09T19:15:11.233

Modified: 2022-08-12T18:44:49.107

Link: CVE-2019-12263

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object