← Back

CVE-2019-12255

nvd nist
Published: Aug 9, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.

Affected (32)

Show all products
Windriver: Vxworks · Netapp: E Series Santricity Os Controller · Sonicwall: Sonicos · Siemens: Siprotec 5 Firmware, Power Meter 9410 Firmware, Power Meter 9810 Firmware, Ruggedcom Win7000 Firmware, Ruggedcom Win7018 Firmware, Ruggedcom Win7025 Firmware, Ruggedcom Win7200 Firmware · Belden: Hirschmann Hios, Garrettcom Magnum Dx940e Firmware
Windriver
1 product
Vxworks
Netapp
1 product
E Series Santricity Os Controller
Sonicwall
1 product
Sonicos
Siemens
7 products
Siprotec 5 Firmware
Power Meter 9410 Firmware
Power Meter 9810 Firmware
Ruggedcom Win7000 Firmware
Ruggedcom Win7018 Firmware
Ruggedcom Win7025 Firmware
Ruggedcom Win7200 Firmware
Belden
2 products
Hirschmann Hios
Garrettcom Magnum Dx940e Firmware
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Vxworks
From 6.5 to 6.9.4
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
E Series Santricity Os Controller
From 8.00 to 8.40.50.00
Configuration C
16 vulnerable
Vulnerable SoftwareAffected Versions
Sonicwall
Sonicos
From 5.9.0.0 to 5.9.0.7
Sonicos
From 5.9.1.0. to 5.9.1.12
Sonicos
From 6.2.0.0 to 6.2.3.1
Sonicos
From 6.2.4.0 to 6.2.4.3
Sonicos
From 6.2.5.0 to 6.2.5.3
Sonicos
From 6.2.6.0 to 6.2.6.1
Sonicos
From 6.2.7.0 to 6.2.7.4
Sonicos
From 6.2.9.0 to 6.2.9.2
Sonicos
From 6.5.0.0 to 6.5.0.3
Sonicos
From 6.5.1.0 to 6.5.1.4
Sonicos
From 6.5.2.0 to 6.5.2.3
Sonicos
From 6.5.3.0 to 6.5.3.3
Sonicos
From 6.5.4.0. to 6.5.4.3
Sonicos
Version 6.2.7.0
Sonicos
Version 6.2.7.1
Sonicos
Version 6.2.7.7
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siprotec 5 Firmware
Before 7.91
Running on/withPlatform Versions
Siemens
Siprotec 5
All versions
Configuration E
1 vulnerable
Vulnerable SoftwareAffected Versions
Siprotec 5 Firmware
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Siprotec 5 Firmware
All versions
Running on/withPlatform Versions
Siemens
Siprotec 5
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Power Meter 9410 Firmware
Before 2.2.1
Running on/withPlatform Versions
Siemens
Power Meter 9410
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Power Meter 9810 Firmware
All versions
Running on/withPlatform Versions
Siemens
Power Meter 9810
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ruggedcom Win7000 Firmware
Before bs5.2.461.17
Running on/withPlatform Versions
Siemens
Ruggedcom Win7000
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ruggedcom Win7018 Firmware
Before bs5.2.461.17
Running on/withPlatform Versions
Siemens
Ruggedcom Win7018
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ruggedcom Win7025 Firmware
Before bs5.2.461.17
Running on/withPlatform Versions
Siemens
Ruggedcom Win7025
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ruggedcom Win7200 Firmware
Before bs5.2.461.17
Running on/withPlatform Versions
Siemens
Ruggedcom Win7200
All versions
Configuration M
1 vulnerable · 23 platform
Vulnerable SoftwareAffected Versions
Hirschmann Hios
Up to 07.0.07
Running on/withPlatform Versions
Belden
Hirschmann Ees20
All versions
Belden
Hirschmann Ees25
All versions
Belden
Hirschmann Eesx20
All versions
Belden
Hirschmann Eesx30
All versions
Belden
Hirschmann Grs1020
All versions
Belden
Hirschmann Grs1030
All versions
Belden
Hirschmann Grs1042
All versions
Belden
Hirschmann Grs1120
All versions
Belden
Hirschmann Grs1130
All versions
Belden
Hirschmann Grs1142
All versions
Belden
Hirschmann Msp30
All versions
Belden
Hirschmann Msp32
All versions
Belden
Hirschmann Rail Switch Power Lite
All versions
Belden
Hirschmann Rail Switch Power Smart
All versions
Belden
Hirschmann Red25
All versions
Belden
Hirschmann Rsp20
All versions
Belden
Hirschmann Rsp25
All versions
Belden
Hirschmann Rsp30
All versions
Belden
Hirschmann Rsp35
All versions
Belden
Hirschmann Rspe30
All versions
Belden
Hirschmann Rspe32
All versions
Belden
Hirschmann Rspe35
All versions
Belden
Hirschmann Rspe37
All versions
Configuration N
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Hirschmann Hios
Up to 07.5.01
Running on/withPlatform Versions
Belden
Hirschmann Msp40
All versions
Belden
Hirschmann Octopus Os3
All versions
Configuration O
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Hirschmann Hios
Up to 07.2.04
Running on/withPlatform Versions
Belden
Hirschmann Dragon Mach4000
All versions
Belden
Hirschmann Dragon Mach4500
All versions
Configuration P
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Hirschmann Hios
Up to 05.3.06
Running on/withPlatform Versions
Belden
Hirschmann Eagle20
All versions
Belden
Hirschmann Eagle30
All versions
Belden
Hirschmann Eagle One
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Garrettcom Magnum Dx940e Firmware
Up to 1.0.1_y7
Running on/withPlatform Versions
Belden
Garrettcom Magnum Dx940e
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (22)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Issue TrackingVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.