VAR-201908-0705
Vulnerability from variot - Updated: 2023-12-18 11:51Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Wind River VxWorks Contains an argument insertion or modification vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability stems from the process of constructing command parameters from external input data. The network system or product does not properly filter the special characters in the parameters. An attacker could exploit the vulnerability to execute an illegal command
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0705",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ruggedcom win7200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "6.9.3"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "6.9.4"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "07.5.01"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "05.3.06"
},
{
"model": "ruggedcom win7018",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "6.8"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "07.2.04"
},
{
"model": "ruggedcom win7000",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "6.7"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "6.6"
},
{
"model": "ruggedcom win7025",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "bs5.2.461.17"
},
{
"model": "hirschmann hios",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "07.0.07"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 1.0,
"vendor": "windriver",
"version": "7.0"
},
{
"model": "garrettcom magnum dx940e",
"scope": "lte",
"trust": 1.0,
"vendor": "belden",
"version": "1.0.1_y7"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "6.6"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "6.7"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "6.8"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "6.9.3"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "6.9.4"
},
{
"model": "vxworks",
"scope": "eq",
"trust": 0.8,
"vendor": "wind river",
"version": "7"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.9"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.8"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.7"
},
{
"model": "river systems wind river systems vxworks",
"scope": "eq",
"trust": 0.6,
"vendor": "wind",
"version": "6.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.6"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.7"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.8"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.9.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "6.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vxworks",
"version": "7"
}
],
"sources": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "NVD",
"id": "CVE-2019-12264"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "07.0.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_red25:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_grs1042:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_grs1142:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_grs1020:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_grs1120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_grs1030:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_grs1130:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_eesx20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_ees20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_ees25:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_eesx30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_msp30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_msp32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rsp20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rsp25:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rsp30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rsp35:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rspe30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rspe32:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rspe35:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_rspe37:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "07.5.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_octopus_os3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_msp40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "07.2.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_dragon_mach4000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_dragon_mach4500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "05.3.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_eagle20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_eagle30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:belden:hirschmann_eagle_one:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.1_y7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belden:garrettcom_magnum_dx940e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "bs5.2.461.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "bs5.2.461.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "bs5.2.461.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "bs5.2.461.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12264"
}
]
},
"cve": "CVE-2019-12264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-12264",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2019-25706",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-12264",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-12264",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-25706",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201907-1490",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "NVD",
"id": "CVE-2019-12264"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Wind River VxWorks Contains an argument insertion or modification vulnerability.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. Wind River Systems VxWorks is an embedded real-time operating system (RTOS) from Wind River Systems. A parameter injection vulnerability exists in Wind River Systems VxWorks. The vulnerability stems from the process of constructing command parameters from external input data. The network system or product does not properly filter the special characters in the parameters. An attacker could exploit the vulnerability to execute an illegal command",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12264"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-12264",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-189842",
"trust": 1.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-274-01",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSMA-19-274-01",
"trust": 1.4
},
{
"db": "ICS CERT",
"id": "ICSA-19-211-01",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2019-25706",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.3695.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.3245",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ASB-2019.0224",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.2856",
"trust": 0.6
},
{
"db": "IVD",
"id": "099DBD8C-FA3C-4762-AAC4-226D6F6B7C0E",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "NVD",
"id": "CVE-2019-12264"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
]
},
"id": "VAR-201908-0705",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
}
],
"trust": 1.28913044
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
}
]
},
"last_update_date": "2023-12-18T11:51:07.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SECURITY VULNERABILITY RESPONSE INFORMATION",
"trust": 0.8,
"url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/"
},
{
"title": "CVE-2019-12264",
"trust": 0.8,
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=cve-2019-12264"
},
{
"title": "Wind River Systems VxWorks Parameter Injection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/172955"
},
{
"title": "Wind River Systems VxWorks Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=95605"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-88",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "NVD",
"id": "CVE-2019-12264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf"
},
{
"trust": 1.6,
"url": "https://support.f5.com/csp/article/k41190253"
},
{
"trust": 1.6,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03960en_us"
},
{
"trust": 1.6,
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=cve-2019-12264"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-274-01"
},
{
"trust": 1.4,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-274-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12264"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12264"
},
{
"trust": 0.6,
"url": "https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/security-advisory-ipnet/security-advisory-ipnet.pdf"
},
{
"trust": 0.6,
"url": "https://www.tenable.com/blog/critical-vulnerabilities-dubbed-urgent11-place-devices-running-vxworks-at-risk-of-rce-attacks"
},
{
"trust": 0.6,
"url": "https://fortiguard.com/psirt/fg-ir-19-222"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3695.5/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2856/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/wind-river-vxworks-multiple-vulnerabilities-via-ipnet-29905"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/asb-2019.0224/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3245/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "NVD",
"id": "CVE-2019-12264"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"db": "NVD",
"id": "CVE-2019-12264"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"date": "2019-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"date": "2019-08-05T18:15:10.863000",
"db": "NVD",
"id": "CVE-2019-12264"
},
{
"date": "2019-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"date": "2019-10-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-007544"
},
{
"date": "2022-06-16T18:10:52.543000",
"db": "NVD",
"id": "CVE-2019-12264"
},
{
"date": "2021-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wind River Systems VxWorks Parameter injection vulnerability",
"sources": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNVD",
"id": "CNVD-2019-25706"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Parameter injection",
"sources": [
{
"db": "IVD",
"id": "099dbd8c-fa3c-4762-aac4-226d6f6b7c0e"
},
{
"db": "CNNVD",
"id": "CNNVD-201907-1490"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…