CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12260

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0120%
EPSS Percentile14.58th
PublishedAug 9, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option.

Affected Platforms (CPE)

πŸ’»
Windriver

Vxworks

>= 6.5 and < 6.9.4.12
πŸ’»
Windriver

Vxworks

= 7.0
πŸ’»
Sonicwall

Sonicos

>= 5.9.0.0 and <= 5.9.0.7
πŸ’»
Sonicwall

Sonicos

>= 5.9.1.0. and <= 5.9.1.12
πŸ’»
Sonicwall

Sonicos

>= 6.2.0.0 and <= 6.2.3.1
πŸ’»
Sonicwall

Sonicos

>= 6.2.4.0 and <= 6.2.4.3
πŸ’»
Sonicwall

Sonicos

>= 6.2.5.0 and <= 6.2.5.3
πŸ’»
Sonicwall

Sonicos

>= 6.2.6.0 and <= 6.2.6.1
πŸ’»
Sonicwall

Sonicos

>= 6.2.7.0 and <= 6.2.7.4
πŸ’»
Sonicwall

Sonicos

>= 6.2.9.0 and <= 6.2.9.2
πŸ’»
Sonicwall

Sonicos

>= 6.5.0.0 and <= 6.5.0.3
πŸ’»
Sonicwall

Sonicos

>= 6.5.1.0 and <= 6.5.1.4
πŸ’»
Sonicwall

Sonicos

>= 6.5.2.0 and <= 6.5.2.3
πŸ’»
Sonicwall

Sonicos

>= 6.5.3.0 and <= 6.5.3.3
πŸ’»
Sonicwall

Sonicos

>= 6.5.4.0. and <= 6.5.4.3
πŸ’»
Sonicwall

Sonicos

= 6.2.7.0
πŸ’»
Sonicwall

Sonicos

= 6.2.7.1
πŸ’»
Sonicwall

Sonicos

= 6.2.7.7
πŸ’»
Siemens

Siprotec 5 Firmware

< 7.59
πŸ’»
Netapp

E Series Santricity Os Controller

>= 8.00 and <= 8.40.50.00
πŸ’»
Siemens

Siprotec 5 Firmware

< 7.91
πŸ’»
Siemens

Power Meter 9410 Firmware

< 2.2.1
πŸ’»
Siemens

Power Meter 9810 Firmware

All versions
πŸ’»
Siemens

Ruggedcom Win7000 Firmware

< bs5.2.461.17
πŸ’»
Siemens

Ruggedcom Win7018 Firmware

< bs5.2.461.17
πŸ’»
Siemens

Ruggedcom Win7025 Firmware

< bs5.2.461.17
πŸ’»
Siemens

Ruggedcom Win7200 Firmware

< bs5.2.461.17
πŸ“¦
Oracle

Communications Eagle

>= 46.6.0 and <= 46.8.2
πŸ’»
Belden

Hirschmann Hios

<= 07.0.07
πŸ’»
Belden

Hirschmann Hios

<= 07.5.01
πŸ’»
Belden

Hirschmann Hios

<= 07.2.04
πŸ’»
Belden

Hirschmann Hios

<= 05.3.06
πŸ’»
Belden

Garrettcom Magnum Dx940e Firmware

<= 1.0.1_y7

References & Advisories

πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
πŸ”— https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
πŸ”— https://security.netapp.com/advisory/ntap-20190802-0001/
πŸ”— https://support.f5.com/csp/article/K41190253
πŸ”— https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12260
πŸ”— https://support2.windriver.com/index.php?page=security-notices

Related Vulnerabilities

CVE-2004-030810.0

Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 be...

CVE-2013-071410.0

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a deni...

CVE-2002-155810.0

Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that ...

CVE-2010-29659.8

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT serie...