CVE-2015-3963

Published: Aug 4, 2015Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Affected (8)

Products: Windriver: Vxworks

1 product

Configuration A

8 vulnerable · 13 platform

Vulnerable Software	Affected Versions
Windriver Vxworks	From 6.5 to 6.6
Windriver Vxworks	From 6.7 to 6.7.1.1
Windriver Vxworks	From 6.8 to 6.8.3
Windriver Vxworks	From 6.9 to 6.9.4.4
Windriver Vxworks	Version 6.6.3
Windriver Vxworks	Version 6.6.4.1
Windriver Vxworks	Version 6.6.4
Windriver Vxworks	Version 7.0

Running on/with	Platform Versions
Schneider Electric Sage 1210	All versions
Schneider Electric Sage 1230	All versions
Schneider Electric Sage 1250	All versions
Schneider Electric Sage 1310	All versions
Schneider Electric Sage 1330	All versions
Schneider Electric Sage 1350	All versions
Schneider Electric Sage 1410	All versions
Schneider Electric Sage 1430	All versions
Schneider Electric Sage 1450	All versions
Schneider Electric Sage 2200	All versions
Schneider Electric Sage 2400	All versions
Schneider Electric Sage 3030	All versions
Schneider Electric Sage 3030 Magnum	All versions

Related CWEs

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (14)

http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01

Source: ics-cert@hq.dhs.gov

PatchThird Party Advisory

http://www.securityfocus.com/bid/75302

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032730

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033181

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://security.netapp.com/advisory/ntap-20160324-0001/

Source: ics-cert@hq.dhs.gov

Third Party Advisory

http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.securityfocus.com/bid/75302

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032730

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1033181

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://security.netapp.com/advisory/ntap-20160324-0001/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.