CVE-2010-2965
First published: Wed Aug 04 2010(Updated: )
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rockwell Automation 1756-ENBT/A Firmware | =3.2.6 | |
| Rockwell Automation 1756-ENBT/A Firmware | =3.6.1 | |
| Wind River VxWorks | <=6.9.4.12 | |
| RockwellAutomation 1756-ENBT | ||
| All of | ||
| Any of | ||
| Rockwell Automation 1756-ENBT/A Firmware | =3.2.6 | |
| Rockwell Automation 1756-ENBT/A Firmware | =3.6.1 | |
| Wind River VxWorks | <=6.9.4.12 | |
| RockwellAutomation 1756-ENBT |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/MAPG-86FPQL
- http://www.kb.cert.org/vuls/id/MAPG-86EPFA
- http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
- http://www.kb.cert.org/vuls/id/362332
- https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708
- http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735
- http://seclists.org/fulldisclosure/2025/Jan/10
Frequently Asked Questions
What is the severity of CVE-2010-2965?
CVE-2010-2965 is considered a critical vulnerability due to the potential for remote memory access and task management.
How do I fix CVE-2010-2965?
To remediate CVE-2010-2965, update the firmware of the Rockwell Automation 1756-ENBT to a version that addresses this vulnerability.
Which products are affected by CVE-2010-2965?
CVE-2010-2965 affects Wind River VxWorks versions up to 6.9.4.12 and Rockwell Automation 1756-ENBT firmware versions 3.2.6 and 3.6.1.
What actions can attackers take exploiting CVE-2010-2965?
Attackers exploiting CVE-2010-2965 can read or modify arbitrary memory locations, perform unauthorized function calls, or manage tasks.
Is CVE-2010-2965 still a risk if my system is not using the specified firmware?
If your system does not utilize the affected firmware versions for Rockwell Automation 1756-ENBT or Wind River VxWorks, it is not at risk from CVE-2010-2965.
- collector/nvd-historical
- agent/type
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/rockwellautomation
- canonical/rockwell automation 1756-enbt/a firmware
- version/rockwell automation 1756-enbt/a firmware/3.2.6
- version/rockwell automation 1756-enbt/a firmware/3.6.1
- vendor/windriver
- canonical/wind river vxworks
- version/wind river vxworks/6.9.4.12
- canonical/rockwellautomation 1756-enbt