Vulnerability Name:

CVE-2010-2965 (CCN-60910)

Assigned: 2010-08-03
Published: 2010-08-03
Updated: 2022-08-05
Summary: The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.
CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-863
Vulnerability Consequences: Gain Access
References: Source: MISC
Type: Not Applicable
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html

Source: MITRE
Type: CNA
CVE-2010-2965

Source: CONFIRM
Type: Permissions Required
http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735

Source: CCN
Type: SA40829
Rockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability

Source: CCN
Type: Rockwell Automation Web site
Automation Systems - ControlLogix / 1756 System

Source: CCN
Type: US-CERT VU#362332
Wind River Systems VxWorks debug service enabled by default

Source: CCN
Type: US-CERT Vulnerability Note VU#362332
Wind River Systems VxWorks debug service enabled by default

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#362332

Source: CONFIRM
Type: Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86EPFA

Source: CONFIRM
Type: Third Party Advisory, US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-86FPQL

Source: CCN
Type: OSVDB ID: 66842
Wind River Systems' VxWorks WDB Debug Service Remote Arbitrary Memory Manipulation

Source: CCN
Type: BID-42158
VxWorks Debugging Service Security-Bypass Vulnerability

Source: XF
Type: UNKNOWN
controllogix-debug-weak-security(60910)

Source: CONFIRM
Type: Permissions Required
https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
VxWorks WDB Agent Remote Reboot

Vulnerable Configuration: Configuration 1:
  • cpe:/o:windriver:vxworks:*:*:*:*:*:*:*:* (Version <= 6.9.4.12)
  • OR cpe:/o:rockwellautomation:1756-enbt/a_firmware:3.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:rockwellautomation:1756-enbt/a_firmware:3.6.1:*:*:*:*:*:*:*
  • AND
  • cpe:/h:rockwellautomation:1756-enbt/a:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    windriver vxworks *
    rockwellautomation 1756-enbt/a firmware 3.2.6
    rockwellautomation 1756-enbt/a firmware 3.6.1
    rockwellautomation 1756-enbt/a -