CVE-2019-12257

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc...

CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options...

CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options...

CVE-2019-12257

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc...

Buffer overflow

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options...

Buffer overflow

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc...

CVE-2019-12265

CVE-2019-12265 affects Wind River VxWorks IGMPv3 client by a memory leak in the IGMPv3 membership report handling, leading to a potential information leak. The vulnerability is in the IPNET stack and is part of the URGENT/11 set of issues affecting VxWorks 6.5–6.9.4 (and related VXWorks variants)...

CVE-2019-12265

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report...

CVE-2019-12263

Wind River VxWorks 6.9.4 and vx7 are affected by CVE-2019-12263, a race-condition in the IPNet TCP stack’s Urgent Pointer handling that can trigger a buffer overflow in TCP processing. Exploitation could lead to remote code execution or crash of affected TCP endpoints, per multiple advisories (CI...

CVE-2019-12263

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component issue 4 of 4. There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition...

CVE-2019-12259

CVE-2019-12259 affects Wind River VxWorks 6.6–6.9 and vx7, due to an array index error in the IGMPv3 client component causing a DoS via a NULL pointer dereference during IGMP parsing. Connected sources confirm the affected platform range and root cause (IPNET IGMP parsing error). The CISA/ICS adv...

CVE-2019-12259

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing...

CVE-2019-12256

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options...

CVE-2019-12257

CVE-2019-12257 affects Wind River VxWorks 6.6–6.9 via a heap-based buffer overflow in the IPnet DHCP client (ipdhcpc) during DHCP Offer/ACK parsing. Several connected advisories (Tenable OT plugins, ICS/CISA entries, and vendor briefs) confirm the vulnerability in the IPnet DHCP path and indicate...

CVE-2019-12257

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc...

VxWorks is facing severe RCE attack risk-vulnerability warning-the black bar safety net

Armis research team in the VxWorks discovered 11 zero-day vulnerabilities, VxWorks may be the most widely used of theoperating system. VxWorks is more than 20 million devices in use, including critical industrial, medical and business equipment. Called the“URGENT/11,”the vulnerability exists in t...

'URGENT/11' Critical Infrastructure Bugs Threaten EternalBlue-Style Attacks

UPDATE A cadre of 11 vulnerabilities, six of them critical remote code-execution RCE bugs, have been uncovered that affect millions of critical infrastructure systems, such as SCADA gear at utilities, elevator and industrial controllers, patient monitors and MRI machines, programmable logic...

Wind River VxWorks Multiple Vulnerabilities (URGENT/11)

According to its self-reported version, the remote device is potentially affected by multiple Wind River VxWorks remote code execution and denial-of-service vulnerabilities in the IPnet TCP/IP stack. An unauthenticated, remote, attacker could leverage these vulnerabilities to gain full access to...

CVE-2015-3963

CVE-2015-3963 describes a TCP initial sequence number (ISN) predictability vulnerability in Wind River VxWorks (various versions, including 5.x–7.x as deployed by Schneider Electric SAGE RTUs). The root cause is generation of predictable TCP ISNs, enabling remote attackers to spoof or disrupt TCP...