Lucene search
K
WindriverVxworks

38 matches found

CVE
CVE
added 2019/08/09 7:18 p.m.296 views

CVE-2019-12255

CVE-2019-12255 affects Wind River VxWorks IPnet TCP/IP Stack . The issue is a buffer/overflow condition in the TCP component caused by an incorrect handling of the TCP Urgent Pointer being 0, leading to an integer underflow and potential remote code execution. It is one of a set of multiple URGEN...

9.8CVSS9.3AI score0.7525EPSS
CVE
CVE
added 2019/08/09 8:27 p.m.271 views

CVE-2019-12261

CVE-2019-12261 is a Wind River VxWorks IPNet TCP vulnerability (6.7–6.9 and vx7) with a Buffer Overflow in the TCP component caused by TCP Urgent Pointer state confusion during connect() to a remote host. The connected documents identify the affected platform, the issue type, and the root cause, ...

9.8CVSS9.2AI score0.08967EPSS
CVE
CVE
added 2019/08/09 8:0 p.m.270 views

CVE-2019-12258

CVE-2019-12258 affects Wind River VxWorks 6.6–vx7 via the IPNet TCP stack, causing a session-fixation vulnerability that can lead to a TCP DoS from malformed TCP options. Public sources describe this as part of the URGENT/11 set and note the related IPNet flaws across IPv4/TCP handling. Mitigatio...

7.5CVSS8.4AI score0.23354EPSS
CVE
CVE
added 2019/08/09 8:18 p.m.221 views

CVE-2019-12260

CVE-2019-12260 affects Wind River VxWorks 6.9 and vx7, in the IPNet TCP stack. The issue is a buffer overflow in the TCP component caused by a malformed TCP AO option leading to a TCP Urgent Pointer state confusion. Public sources describe potential for remote code execution or crashes via crafte...

9.8CVSS9.3AI score0.22844EPSS
CVE
CVE
added 2019/08/09 6:10 p.m.210 views

CVE-2019-12263

Wind River VxWorks 6.9.4 and vx7 are affected by CVE-2019-12263, a race-condition in the IPNet TCP stack’s Urgent Pointer handling that can trigger a buffer overflow in TCP processing. Exploitation could lead to remote code execution or crash of affected TCP endpoints, per multiple advisories (CI...

8.1CVSS8.7AI score0.03189EPSS
CVE
CVE
added 2010/08/04 9:0 p.m.188 views

CVE-2010-2965

CVE-2010-2965 affects Wind River VxWorks targets (6.x, 5.x and earlier), notably Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1. The WDB target agent debug service exposes a UDP 17185 port that can be used by remote attackers to read or modify arbitrary memory, perform funct...

10CVSS7.4AI score0.57544EPSS
CVE
CVE
added 2019/08/09 6:5 p.m.179 views

CVE-2019-12259

CVE-2019-12259 affects Wind River VxWorks 6.6–6.9 and vx7, due to an array index error in the IGMPv3 client component causing a DoS via a NULL pointer dereference during IGMP parsing. Connected sources confirm the affected platform range and root cause (IPNET IGMP parsing error). The CISA/ICS adv...

7.5CVSS8.5AI score0.15882EPSS
CVE
CVE
added 2019/08/09 6:14 p.m.161 views

CVE-2019-12265

CVE-2019-12265 affects Wind River VxWorks IGMPv3 client by a memory leak in the IGMPv3 membership report handling, leading to a potential information leak. The vulnerability is in the IPNET stack and is part of the URGENT/11 set of issues affecting VxWorks 6.5–6.9.4 (and related VXWorks variants)...

5.3CVSS7AI score0.55271EPSS
CVE
CVE
added 2019/08/09 5:49 p.m.147 views

CVE-2019-12257

CVE-2019-12257 affects Wind River VxWorks 6.6–6.9 via a heap-based buffer overflow in the IPnet DHCP client (ipdhcpc) during DHCP Offer/ACK parsing. Several connected advisories (Tenable OT plugins, ICS/CISA entries, and vendor briefs) confirm the vulnerability in the IPnet DHCP path and indicate...

8.8CVSS9.3AI score0.84177EPSS
CVE
CVE
added 2019/08/09 5:57 p.m.146 views

CVE-2019-12256

CVE-2019-12256 affects Wind River VxWorks 6.9 and vx7 IPNET stack, with a Buffer Overflow in the IPv4 options parsing (IP options) that can crash a tNet0 task and lead to remote code execution. The vulnerability is classified with a high potential impact (CVSS v3 base 9.8: network access, no auth...

9.8CVSS9.5AI score0.26629EPSS
CVE
CVE
added 2008/10/03 3:0 p.m.136 views

CVE-2008-2476

The CVE-2008-2476 issue concerns the IPv6 Neighbor Discovery Protocol (NDP) implementation in several vendors (FreeBSD 6.3–7.1; OpenBSD 4.2–4.3; NetBSD; Force10 FTOS pre-E7.7.1.1; Juniper JUNOS; Wind River VxWorks 5.x–6.4) that does not validate the origin of Neighbor Discovery messages. This all...

9.3CVSS6.2AI score0.07425EPSS
CVE
CVE
added 2019/08/14 7:18 p.m.132 views

CVE-2019-12262

CVE-2019-12262 affects Wind River VxWorks (6.6–7) IPNET TCP/IP stack, specifically the RARP client’s improper access control handling of unsolicited Reverse ARP replies. This logical flaw can enable remote exploitation over affected networks. Vendors have released advisories and patches; apply th...

9.8CVSS9.3AI score0.04116EPSS
CVE
CVE
added 2021/02/03 3:16 p.m.123 views

CVE-2020-28895

CVE-2020-28895 affects Wind River VxWorks: the memory allocator can overflow when calculating the size for calloc(), causing the allocated memory to be smaller than the requested buffer and leading to memory corruption. The vulnerability is documented across multiple sources (e.g., Wind River adv...

7.5CVSS7.4AI score0.01475EPSS
CVE
CVE
added 2021/04/13 4:26 p.m.116 views

CVE-2021-29999

CVE-2021-29999 affects Wind River VxWorks up to version 6.8, with a stack overflow vulnerability in the DHCP server. The available connected documents consistently describe a stack overflow issue in the DHCP server of VxWorks and do not provide further technical specifics, affected subcomponents,...

9.8CVSS9.6AI score0.01789EPSS
CVE
CVE
added 2019/08/05 5:34 p.m.111 views

CVE-2019-12264

CVE-2019-12264 affects Wind River VxWorks IPNet IP DHCP client (ipdhcpc) and allows Improper Neutralization of Argument Delimiters in a Command (Argument Injection) in IPv4 address assignment. Affected products include VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4 and VxWorks 7. Likely impact is memory/log...

7.1CVSS8.2AI score0.08311EPSS
CVE
CVE
added 2017/02/07 5:0 p.m.102 views

CVE-2015-7599

Wind River VxWorks CVE-2015-7599: Integer overflow in _authenticate (svc_auth.c) when RPC is enabled, enabling remote DoS and potential code execution. Affected versions: VxWorks 5.5–6.9.4.1. Public references in the connected docs show an RPC DoS exploit module (vxworks_rpc_dos) targeting VxWork...

9.3CVSS8.7AI score0.0591EPSS
CVE
CVE
added 2021/05/12 10:55 a.m.99 views

CVE-2020-35198

CVE-2020-35198 affects Wind River VxWorks 7. The vulnerability is caused by an integer overflow in the memory allocator when calculating a memory block size for calloc(), resulting in the allocated memory being smaller than the requested buffer and causing memory corruption. Public documents in c...

9.8CVSS9.5AI score0.0244EPSS
CVE
CVE
added 2022/03/29 1:21 a.m.98 views

CVE-2022-23937

The CVE-2022-23937 entry documents a vulnerability in Wind River VxWorks 6.9 and 7 where a specially crafted packet can cause an out-of-bounds read during the IKE initial exchange. Affected products are Wind River VxWorks 6.9 and 7 (RTU500/related contexts as cited in several feeds). The root cau...

7.5CVSS7.3AI score0.00994EPSS
CVE
CVE
added 2021/03/11 9:39 p.m.92 views

CVE-2016-20009

Vulnerability: Wind River VxWorks 6.5–7 is affected by a DNS client stack-based buffer overflow in ipdnsc_decode_name(). The Red Hat/NVD-derived entries, CNVD, PRION, and PT Security notes confirm the issue affects Wind River VxWorks versions 6.5 through 7 and describe an out-of-bounds write in t...

9.8CVSS9.7AI score0.01894EPSS
CVE
CVE
added 2024/02/15 12:0 a.m.90 views

CVE-2023-51787

CVE-2023-51787 affects Wind River VxWorks 7 22.09 and 23.03. The issue occurs when a VxWorks task or POSIX thread that uses OpenSSL exits, causing the per‑task memory not to be freed and resulting in a memory leak. The described impact is a memory availability concern (high severity per CVSS) but...

7.5CVSS6.8AI score0.00487EPSS
CVE
CVE
added 2019/05/29 4:33 p.m.89 views

CVE-2019-9865

The CVE-2019-9865 advisory covers Wind River VxWorks 6.9 prior to 6.9.1 where an RPC request can trigger an integer overflow causing an out-of-bounds memory copy. This may allow a remote attacker to cause a denial of service or possibly execute arbitrary code. Connected sources confirm affected p...

8.1CVSS8.5AI score0.01996EPSS
CVE
CVE
added 2021/04/13 4:16 p.m.87 views

CVE-2021-29998

CVE-2021-29998 affects Wind River VxWorks before 6.5 due to a heap-based overflow in the DHCP client. Impact ranges from DoS to potential remote code execution (per ICS advisories). Affected products include Wind River VxWorks-based industrial systems. Mitigations from ICS/CISA advisories include...

9.8CVSS9.5AI score0.02373EPSS
CVE
CVE
added 2013/03/20 6:0 p.m.77 views

CVE-2013-0714

CVE-2013-0714 affects Wind River VxWorks 6.5–6.9 IPSSH (SSH server). A crafted public-key authentication request can cause the SSH server to hang and make SSH access unavailable until the next reboot; the vulnerability may also enable arbitrary code execution on the server. The issue is reported ...

10CVSS8.2AI score0.06353EPSS
CVE
CVE
added 2015/08/04 1:0 a.m.74 views

CVE-2015-3963

CVE-2015-3963 describes a TCP initial sequence number (ISN) predictability vulnerability in Wind River VxWorks (various versions, including 5.x–7.x as deployed by Schneider Electric SAGE RTUs). The root cause is generation of predictable TCP ISNs, enabling remote attackers to spoof or disrupt TCP...

5.8CVSS5.1AI score0.03743EPSS
CVE
CVE
added 2022/11/25 12:0 a.m.71 views

CVE-2022-38767

Wind River VxWorks 6.9 and 7 are affected by CVE-2022-38767, where a specially crafted packet from a Radius server can trigger a Denial of Service during the IP Radius access procedure. The vulnerability affects the RADIUS client handling in the VxWorks IP Radius path and has a CVSS v3.1 base sco...

7.5CVSS7.4AI score0.01028EPSS
CVE
CVE
added 2010/08/04 9:0 p.m.70 views

CVE-2010-2967

The CVE-2010-2967 vXWorks vulnerability stems from Wind River VxWorks’ loginLib loginDefaultEncrypt hashing: it uses a weak default hashing algorithm prone to collisions, enabling brute-force style password guessing for services that rely on the standard authentication API (telnet, rlogin, FTP). ...

7.8CVSS6.7AI score0.01716EPSS
CVE
CVE
added 2021/04/13 4:34 p.m.66 views

CVE-2021-29997

Wind River VxWorks 7 before 21.03 is affected by CVE-2021-29997. A specially crafted IKE packet may trigger a buffer over-read in the IKE processing, potentially causing service disruption. Impact is described as at least partial availability impact with network access and low attack complexity (...

5.3CVSS5.3AI score0.0103EPSS
CVE
CVE
added 2013/03/20 6:0 p.m.65 views

CVE-2013-0711

CVE-2013-0711 affects Wind River VxWorks 6.5–6.9: IPSSH (SSH server) denial of service via crafted authentication requests caused SSH access to be unavailable until the next reboot. Root cause is improper input handling in authentication processing. Connected documents confirm related vulnerabili...

7.8CVSS6.9AI score0.03274EPSS
CVE
CVE
added 2013/03/20 6:0 p.m.65 views

CVE-2013-0715

The CVE-2013-0715 vulnerability affects Wind River VxWorks WebCLI in versions 5.5–6.9. The root cause is a parsing issue in the WebCLI command processing that allows remote authenticated users to cause a DoS by crashing the CLI session. Impact is CLI session termination with potential reuse of a ...

4CVSS6.4AI score0.01878EPSS
CVE
CVE
added 2020/07/23 1:59 p.m.65 views

CVE-2020-11440

CVE-2020-11440 describes a vulnerability in Wind River VxWorks (WebCLI) where httpRpmFs fails to validate escaping attempts from the web root, potentially exposing sensitive data. The NVD entry notes a network-based attack surface with a CVSS v3.1 base score of 7.5 (High) and a CVSS v2 base score...

7.5CVSS7.6AI score0.01082EPSS
CVE
CVE
added 2013/03/20 6:0 p.m.61 views

CVE-2013-0712

CVE-2013-0712 affects Wind River VxWorks IPSSH (SSH server) in versions 6.5–6.9. The DoS condition arises from a vulnerability in processing immediately after an SSH connection is established, allowing remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. I...

6.8CVSS6.4AI score0.02614EPSS
CVE
CVE
added 2013/03/20 6:0 p.m.60 views

CVE-2013-0716

The CVE-2013-0716 issue affects Wind River VxWorks Web Server (versions 5.5 through 6.9). It is a DoS vulnerability in the Web Server component where a specially crafted URL can cause the Web Server to crash (denial of service). The underlying cause is described as an improper input handling/vali...

5CVSS6.7AI score0.02374EPSS
CVE
CVE
added 2013/03/20 6:0 p.m.58 views

CVE-2013-0713

CVE-2013-0713 affects Wind River VxWorks 6.5–6.9 IPSSH (SSH server). A crafted pty request can cause SSH access to be unavailable until next reboot; authenticated users may trigger this DoS. Public details confirm affected versions and the root cause (pty handling). Mitigation: apply Wind River p...

6.8CVSS6.3AI score0.02176EPSS
CVE
CVE
added 2010/08/04 9:0 p.m.57 views

CVE-2010-2968

The CVE concerns Wind River VxWorks’ FTP daemon, where the FTP service does not close the TCP connection after multiple failed login attempts. This behavior allows remote attackers to attempt brute-force access, as described in multiple sources (NVD, Red Hat advisory, CVE CVE-2010-2968 records). ...

7.8CVSS6.7AI score0.01476EPSS
CVE
CVE
added 2021/11/24 4:15 p.m.53 views

CVE-2021-43268

CVE-2021-43268 affects Wind River VxWorks 6.9 through 7, with a vulnerability in the IKE component where a crafted packet can cause reading beyond the end of a buffer or a double free. Impact is described as potential denial of service via crafted network traffic to the IKE service. Public detail...

6.5CVSS6.3AI score0.00848EPSS
CVE
CVE
added 2023/09/22 12:0 a.m.52 views

CVE-2023-38346

Wind River VxWorks 6.9 and 7 are affected by CVE-2023-38346 due to the tarExtract function handling TAR archives without proper path validation, which may allow directory traversal and unintended behavior. The issue arises from tarExtract processing files with relative or absolute paths and not c...

8.8CVSS8.5AI score0.01239EPSS
CVE
CVE
added 2020/04/27 12:21 p.m.50 views

CVE-2020-10664

Affected product/component: Wind River VxWorks 6.8.3 IPNET (IGMP component) with CVE patches created in 2019. Vulnerability: NULL pointer dereference in the IGMP code path. Impact (as stated): Availability impact of the vulnerable component is reported as HIGH (CVSS‑3.1) and PARTIAL (CVSS‑2.0) wi...

7.5CVSS7.5AI score0.01343EPSS
CVE
CVE
added 2010/08/04 9:0 p.m.45 views

CVE-2010-2966

The CVE-2010-2966 issue affects Wind River VxWorks 6.x, 5.x, and earlier where INCLUDE_SECURITY uses LOGIN_USER_NAME and LOGIN_USER_PASSWORD (LOGIN_PASSWORD) to create hardcoded credentials. This enables remote authentication for (1) telnet, (2) rlogin, or (3) FTP sessions. Root cause is hardcode...

7.8CVSS6.8AI score0.01535EPSS