CVE-2019-12263

CVSS V2 Medium 6.8 CVSS V3 High 8.1
Description
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
Overview
  • CVE ID
  • CVE-2019-12263
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2019-08-09T19:15:11
  • Last Modified Date
  • 2022-08-12T18:44:49
Weakness Enumerations
CWE URL
CWE-362 http://cwe.mitre.org/data/definitions/362.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:* 1 OR 6.5 6.9.4.12
cpe:2.3:o:windriver:vxworks:7.0:-:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 5.9.0.0 5.9.0.7
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 5.9.1.0. 5.9.1.12
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.2.0.0 6.2.3.1
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.2.4.0 6.2.4.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.2.5.0 6.2.5.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.2.6.0 6.2.6.1
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.2.7.0 6.2.7.4
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.2.9.0 6.2.9.2
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.5.0.0 6.5.0.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.5.1.0 6.5.1.4
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.5.2.0 6.5.2.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.5.3.0 6.5.3.3
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* 1 OR 6.5.4.0. 6.5.4.3
cpe:2.3:o:sonicwall:sonicos:6.2.7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:sonicwall:sonicos:6.2.7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:sonicwall:sonicos:6.2.7.7:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp200 1 OR 7.59
cpe:2.3:h:siemens:siprotec_5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* 1 OR 8.00 8.40.50.00
AND
cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp300 1 OR 7.91
cpe:2.3:h:siemens:siprotec_5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:power_meter_9410_firmware:*:*:*:*:*:*:*:* 1 OR 2.2.1
cpe:2.3:h:siemens:power_meter_9410:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:power_meter_9810_firmware:*:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:siemens:power_meter_9810:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:* 1 OR bs5.2.461.17
cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:* 1 OR bs5.2.461.17
cpe:2.3:h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:* 1 OR bs5.2.461.17
cpe:2.3:h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:* 1 OR bs5.2.461.17
cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* 1 OR 07.0.07
cpe:2.3:h:belden:hirschmann_ees20:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_ees25:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_eesx20:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_eesx30:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_grs1020:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_grs1030:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_grs1042:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_grs1120:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_grs1130:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_grs1142:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_msp30:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_msp32:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_red25:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rsp20:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rsp25:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rsp30:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rsp35:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rspe30:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rspe32:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rspe35:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_rspe37:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* 1 OR 07.5.01
cpe:2.3:h:belden:hirschmann_msp40:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_octopus_os3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* 1 OR 07.2.04
cpe:2.3:h:belden:hirschmann_dragon_mach4000:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_dragon_mach4500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* 1 OR 05.3.06
cpe:2.3:h:belden:hirschmann_eagle_one:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_eagle20:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:h:belden:hirschmann_eagle30:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.1_y7
cpe:2.3:h:belden:garrettcom_magnum_dx940e:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 6.8
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 6.4
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • HIGH
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 8.1
  • Base Severity
  • HIGH
  • Exploitability Score
  • 2.2
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 Third Party Advisory
https://support2.windriver.com/index.php?page=security-notices Issue Tracking Vendor Advisory
https://security.netapp.com/advisory/ntap-20190802-0001/ Third Party Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263 Vendor Advisory
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/ Vendor Advisory
https://support.f5.com/csp/article/K41190253 Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2019-12263
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12263
History
Created Old Value New Value Data Type Notes
2022-05-10 06:33:06 Added to TrackCVE
2022-12-04 00:55:02 2019-08-09T19:15Z 2019-08-09T19:15:11 CVE Published Date updated
2022-12-04 00:55:02 2022-08-12T18:44:49 CVE Modified Date updated
2022-12-04 00:55:02 Analyzed Vulnerability Status updated