Vulnerability Name:

CVE-2019-12262 (CCN-164438)

Assigned: 2019-07-29
Published: 2019-07-29
Updated: 2022-06-16
Summary: Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.1 Medium (CCN CVSS v2 Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics: Access Vector (AV): Adjacent_Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2019-12262

Source: CCN
Type: ARMIS Web site
URGENT/11

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Source: CONFIRM
Type: Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Source: XF
Type: UNKNOWN
windriver-cve201912262-dos(164438)

Source: CONFIRM
Type: Third Party Advisory
https://support.f5.com/csp/article/K41190253

Source: CCN
Type: Wind River Web site
CVE-2019-12262

Source: CONFIRM
Type: Vendor Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/o:windriver:vxworks:6.8:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:6.7:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:6.9:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:6.6:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:7.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:belden:hirschmann_hios:*:*:*:*:*:*:*:* (Version <= 07.0.07)
  • AND
  • cpe:/h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rail_switch_power_smart:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_red25:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_grs1042:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_grs1142:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_grs1020:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_grs1120:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_grs1030:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_grs1130:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_eesx20:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_ees20:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_ees25:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_eesx30:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_msp30:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_msp32:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rsp20:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rsp25:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rsp30:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rsp35:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rspe30:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rspe32:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rspe35:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_rspe37:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:belden:hirschmann_hios:*:*:*:*:*:*:*:* (Version <= 07.5.01)
  • AND
  • cpe:/h:belden:hirschmann_octopus_os3:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_msp40:-:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:belden:hirschmann_hios:*:*:*:*:*:*:*:* (Version <= 07.2.04)
  • AND
  • cpe:/h:belden:hirschmann_dragon_mach4000:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_dragon_mach4500:-:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:belden:hirschmann_hios:*:*:*:*:*:*:*:* (Version <= 05.3.06)
  • AND
  • cpe:/h:belden:hirschmann_eagle20:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_eagle30:-:*:*:*:*:*:*:*
  • OR cpe:/h:belden:hirschmann_eagle_one:-:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:* (Version <= 1.0.1_y7)
  • AND
  • cpe:/h:belden:garrettcom_magnum_dx940e:-:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:* (Version < bs5.2.461.17)
  • AND
  • cpe:/h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:* (Version < bs5.2.461.17)
  • AND
  • cpe:/h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:* (Version < bs5.2.461.17)
  • AND
  • cpe:/h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:* (Version < bs5.2.461.17)
  • AND
  • cpe:/h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:windriver:vxworks:6.6:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:6.7:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:6.8:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:6.9:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:vxworks:7.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    windriver vxworks 6.8
    windriver vxworks 6.7
    windriver vxworks 6.9
    windriver vxworks 6.6
    windriver vxworks 7.0
    belden hirschmann hios *
    belden hirschmann rail switch power lite -
    belden hirschmann rail switch power smart -
    belden hirschmann red25 -
    belden hirschmann grs1042 -
    belden hirschmann grs1142 -
    belden hirschmann grs1020 -
    belden hirschmann grs1120 -
    belden hirschmann grs1030 -
    belden hirschmann grs1130 -
    belden hirschmann eesx20 -
    belden hirschmann ees20 -
    belden hirschmann ees25 -
    belden hirschmann eesx30 -
    belden hirschmann msp30 -
    belden hirschmann msp32 -
    belden hirschmann rsp20 -
    belden hirschmann rsp25 -
    belden hirschmann rsp30 -
    belden hirschmann rsp35 -
    belden hirschmann rspe30 -
    belden hirschmann rspe32 -
    belden hirschmann rspe35 -
    belden hirschmann rspe37 -
    belden hirschmann hios *
    belden hirschmann octopus os3 -
    belden hirschmann msp40 -
    belden hirschmann hios *
    belden hirschmann dragon mach4000 -
    belden hirschmann dragon mach4500 -
    belden hirschmann hios *
    belden hirschmann eagle20 -
    belden hirschmann eagle30 -
    belden hirschmann eagle one -
    belden garrettcom magnum dx940e firmware *
    belden garrettcom magnum dx940e -
    siemens ruggedcom win7000 firmware *
    siemens ruggedcom win7000 -
    siemens ruggedcom win7018 firmware *
    siemens ruggedcom win7018 -
    siemens ruggedcom win7025 firmware *
    siemens ruggedcom win7025 -
    siemens ruggedcom win7200 firmware *
    siemens ruggedcom win7200 -
    windriver vxworks 6.6
    windriver vxworks 6.7
    windriver vxworks 6.8
    windriver vxworks 6.9
    windriver vxworks 7.0