CVE-2015-3963
First published: Tue Aug 04 2015(Updated: )
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wind River VxWorks | >=6.5<=6.6 | |
| Wind River VxWorks | >=6.7<6.7.1.1 | |
| Wind River VxWorks | >=6.8<6.8.3 | |
| Wind River VxWorks | >=6.9<6.9.4.4 | |
| Wind River VxWorks | =6.6.3 | |
| Wind River VxWorks | =6.6.4 | |
| Wind River VxWorks | =6.6.4.1 | |
| Wind River VxWorks | =7.0 | |
| Sage 1210 | ||
| Sage 1230 | ||
| Schneider Electric Sage 1250 | ||
| Schneider Electric Sage 1310 | ||
| Schneider Electric Sage 1330 | ||
| Schneider Electric Sage 1350 | ||
| Sage 1410 | ||
| Sage 1430 | ||
| Sage 1450 | ||
| Schneider Electric Sage 2200 | ||
| Schneider Electric Sage 2400 | ||
| Schneider-electric Telvent Sage 3030 Firmware | ||
| Sage 3030 Magnum |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01
- http://www.securityfocus.com/bid/75302
- http://www.securitytracker.com/id/1032730
- http://www.securitytracker.com/id/1033181
- https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01
- https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A
- https://security.netapp.com/advisory/ntap-20160324-0001/
Frequently Asked Questions
What is the severity of CVE-2015-3963?
CVE-2015-3963 is classified as a high severity vulnerability due to improper generation of TCP initial sequence number values.
How do I fix CVE-2015-3963?
To mitigate CVE-2015-3963, update VxWorks to a version that is 5.5.1 or higher, or to 6.7.1.1 or higher for affected 6.5.x to 6.9.x versions.
Which versions of Wind River VxWorks are affected by CVE-2015-3963?
CVE-2015-3963 affects Wind River VxWorks versions prior to 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, and 6.9.x before 6.9.4.4.
What devices commonly use the vulnerable versions of VxWorks related to CVE-2015-3963?
Schneider Electric SAGE RTU devices are commonly affected by CVE-2015-3963 due to their use of vulnerable VxWorks versions.
Can CVE-2015-3963 lead to remote code execution?
Yes, CVE-2015-3963 can potentially be exploited to facilitate remote code execution due to TCP sequence number manipulation.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/windriver
- canonical/wind river vxworks
- version/wind river vxworks/6.5
- version/wind river vxworks/6.6
- version/wind river vxworks/6.7
- version/wind river vxworks/6.8
- version/wind river vxworks/6.9
- version/wind river vxworks/6.6.3
- version/wind river vxworks/6.6.4
- version/wind river vxworks/6.6.4.1
- version/wind river vxworks/7.0
- vendor/schneider-electric
- canonical/sage 1210
- canonical/sage 1230
- canonical/schneider electric sage 1250
- canonical/schneider electric sage 1310
- canonical/schneider electric sage 1330
- canonical/schneider electric sage 1350
- canonical/sage 1410
- canonical/sage 1430
- canonical/sage 1450
- canonical/schneider electric sage 2200
- canonical/schneider electric sage 2400
- canonical/schneider-electric telvent sage 3030 firmware
- canonical/sage 3030 magnum