Siemens Stack-Based Buffer Overflow in Wind River VxWorks (CVE-2019-12256)

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets' IP options. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. C...

Siemens Improper Neutralization of Argument Delimiters in a Command in Wind River VxWorks (CVE-2019-12258)

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. C Tenable,...

Siemens Concurrent Execution Using Shared Resource with Improper Synchronization in Wind River VxWorks (CVE-2019-12263)

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component issue 4 of 4. There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

Siemens Null Pointer Dereference in Wind River VxWorks (CVE-2019-12259)

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. - Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There...

NAME:WRECK DNS Vulnerabilities

Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System DNS implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Intern...

CVE-2020-10664

The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference...

Null pointer dereference

The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference...

CVE-2020-10664

Affected product/component: Wind River VxWorks 6.8.3 IPNET (IGMP component) with CVE patches created in 2019. Vulnerability: NULL pointer dereference in the IGMP code path. Impact (as stated): Availability impact of the vulnerable component is reported as HIGH (CVSS‑3.1) and PARTIAL (CVSS‑2.0) wi...

Multiple vulnerabilities in TCP/IP function on Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000

Overview MELSEC C Controller Module and MELIPC Series MI5000 provided by Mitsubishi Electric Corporation have multiple vulnerabilities due to the vulnerabilities called "URGENT/11" in TCP/IP function IPnet of VxWorks, a real-time OS distributed by Wind River. Q24DHCCPU-V and Q24DHCCPU-VG Buffer...

URGENT/11 Scanner, Based on Detection Tool by Armis

This module detects VxWorks and the IPnet IP stack, along with devices vulnerable to CVE-2019-12258. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'URGENT/11 Scanner, Based on Detection Tool b...

Interpeak IPnet TCP/IP Stack (Update D)

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are available Vendors: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by...

Wind River VxWorks IPnet TCP/IP Stack Vulnerabilities (aka. URGENT/11)

11 zero day vulnerabilities aka. URGENT/11 were disclosed in VxWorks® TCP/IP stack IPnet:...

CVE-2019-12262

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies Logical Flaw...

Design/Logic Flaw

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies Logical Flaw...

CVE-2019-12262

CVE-2019-12262 affects Wind River VxWorks (6.6–7) IPNET TCP/IP stack, specifically the RARP client’s improper access control handling of unsolicited Reverse ARP replies. This logical flaw can enable remote exploitation over affected networks. Vendors have released advisories and patches; apply th...

CVE-2019-12262

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies Logical Flaw...

CVE-2019-12260

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component issue 2 of 4. This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option...

CVE-2019-12261

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component issue 3 of 4. This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect to a remote host...

Buffer overflow

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component issue 3 of 4. This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect to a remote host...

Design/Logic Flaw

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component issue 2 of 4. This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option...