552 matches found
CVE-2023-51787
CVE-2023-51787 affects Wind River VxWorks 7 22.09 and 23.03. The issue occurs when a VxWorks task or POSIX thread that uses OpenSSL exits, causing the per‑task memory not to be freed and resulting in a memory leak. The described impact is a memory availability concern (high severity per CVSS) but...
CVE-2023-51787
An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak...
Mitsubishi Electric MELSEC-Q Series C Controller Module Denial of Service and Malicious Code Execution (CVE-2021-29998)
Denial of Service and Malicious Code Execution Vulnerability exists in DHCP client function of VxWorks version 6.4, a real-time OS distributed by Wind River. A remote attacker may cause a denial of service DoS condition or execute malicious code on a target product by sending specially crafted...
Siemens SIPROTEC 4 7SJ66
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Hitachi Energys RTU500 Series Product Out-of-Bounds Read (CVE-2022-23937)
A vulnerability exists in the Wind River VxWorks version 6.9 that affects the RTU500 series product versions listed below. RTU500 series CMU Firmware versions 12.0.1 â 12.0.14 12.2.1 â 12.2.11 12.4.1 â 12.4.11 12.6.1 â 12.6.8 12.7.1 â 12.7.5 13.2.1 â 13.2.5 13.3.1 â 13.3.3 13.4.1 In...
The vulnerability of the tarExtract function in real-time operating systems like Wind River VxWorks allows attackers to execute arbitrary commands.
The vulnerability of the tarExtract function in real-time operating systems like Wind River VxWorks relates to the ability to bypass the directory structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by introducing a malicious tar file...
CVE-2023-38346
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
CVE-2023-38346
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
CVE-2023-38346
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
Directory traversal
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
CVE-2023-38346
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
CVE-2023-38346
An issue was discovered in Wind River VxWorks 6.9 and 7. The function tarExtract implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading...
CVE-2023-38346
Wind River VxWorks 6.9 and 7 are affected by CVE-2023-38346 due to the tarExtract function handling TAR archives without proper path validation, which may allow directory traversal and unintended behavior. The issue arises from tarExtract processing files with relative or absolute paths and not c...
Wind River VxWorks Path Traversal Vulnerability
Wind River VxWorks is an operating system from Wind River Systems, Inc. the industry-leading real-time operating system for building embedded devices and systems. A security vulnerability exists in Wind River VxWorks that stems from a flaw in the tarExtract function that could lead to unexpected...
PT-2023-5463 · Wind River · Vxworks
Name of the Vulnerable Software and Affected Versions: Wind River VxWorks versions 6.9 through 7 Description: An issue was discovered in the tarExtract function, which implements TAR file extraction and processes files within an archive that have relative or absolute file paths. This could lead t...
The vulnerability of the IKE protocol implementation in real-time operating systems like Wind River VxWorks allows attackers to trigger service failures or gain access to confidential information.
The vulnerability of the IKE protocol implementation in real-time operating systems like Wind River VxWorks relates to reading beyond the boundary. Exploiting this vulnerability can allow a malicious actor to cause service failures or gain access to confidential information...
Siemens RADIUS Client of SIPROTEC 5 Devices Loop with Unreachable Exit Condition (CVE-2022-38767)
An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
SUSE CVE-2005-3804
Cisco IP Phone VoIP 7920 1.08 listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service...
ABB Improper Neutralization of Argument Delimiters in a Command in Wind River VxWorks (CVE-2019-12262)
Wind River is the provider of a real time operating system called VxWorks which is used in the embedded software of the PM 877 Controller. Wind River has announced security vulnerabilities in the VxWorks TCP/IP stack IPnet and management of memory block size Bad Alloc. The controller PM 877 is...
ABB Concurrent Execution Using Shared Resource with Improper Synchronization in Wind River VxWorks (CVE-2019-12263)
Wind River is the provider of a real time operating system called VxWorks which is used in the embedded software of the PM 877 Controller. Wind River has announced security vulnerabilities in the VxWorks TCP/IP stack IPnet and management of memory block size Bad Alloc. The controller PM 877 is...