CVE-2019-12263: Buffer Overflow
First published: Fri Aug 09 2019(Updated: )
Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wind River VxWorks | >=6.5<6.9.4.12 | |
| Wind River VxWorks | =7.0 | |
| SonicWall SonicOS | >=5.9.0.0<=5.9.0.7 | |
| SonicWall SonicOS | >=5.9.1.0.<=5.9.1.12 | |
| SonicWall SonicOS | >=6.2.0.0<=6.2.3.1 | |
| SonicWall SonicOS | >=6.2.4.0<=6.2.4.3 | |
| SonicWall SonicOS | >=6.2.5.0<=6.2.5.3 | |
| SonicWall SonicOS | >=6.2.6.0<=6.2.6.1 | |
| SonicWall SonicOS | >=6.2.7.0<=6.2.7.4 | |
| SonicWall SonicOS | >=6.2.9.0<=6.2.9.2 | |
| SonicWall SonicOS | >=6.5.0.0<=6.5.0.3 | |
| SonicWall SonicOS | >=6.5.1.0<=6.5.1.4 | |
| SonicWall SonicOS | >=6.5.2.0<=6.5.2.3 | |
| SonicWall SonicOS | >=6.5.3.0<=6.5.3.3 | |
| SonicWall SonicOS | >=6.5.4.0.<=6.5.4.3 | |
| SonicWall SonicOS | =6.2.7.0 | |
| SonicWall SonicOS | =6.2.7.1 | |
| SonicWall SonicOS | =6.2.7.7 | |
| Siemens SIPROTEC firmware | <7.59 | |
| Siemens SIPROTEC firmware | ||
| NetApp E-Series SANtricity OS Controller | >=8.00<=8.40.50.00 | |
| Siemens SIPROTEC firmware | <7.91 | |
| Siemens 9410 Power Meter Firmware | <2.2.1 | |
| Siemens 9410 Power Meter Firmware | ||
| Siemens 9810 Power Meter Firmware | ||
| Siemens 9810 Power Meter | ||
| Siemens RuggedCom Win7000 | <bs5.2.461.17 | |
| Siemens Ruggedcom Win7000 Firmware | ||
| Siemens RuggedCom WIN7018 Firmware | <bs5.2.461.17 | |
| Siemens RuggedCom WIN7018 Firmware | ||
| Siemens Ruggedcom Win7025 Firmware | <bs5.2.461.17 | |
| Siemens Ruggedcom Win7025 Firmware | ||
| Siemens Ruggedcom WIN7200 Firmware | <bs5.2.461.17 | |
| Siemens Ruggedcom WIN7200 Firmware | ||
| Belden Hirschmann HIOS | <=07.0.07 | |
| Belden Hirschmann EES20 | ||
| Belden Hirschmann EES25 | ||
| Belden Hirschmann EESX20 | ||
| Belden Hirschmann EESX30 | ||
| Belden Hirschmann GRS1020 | ||
| Belden Hirschmann GRS1030 | ||
| Belden Hirschmann GRS1042 | ||
| Belden Hirschmann GRS1120 | ||
| Belden Hirschmann GRS1130 | ||
| Belden Hirschmann GRS1142 | ||
| Belden Hirschmann MSP30 | ||
| Belden Hirschmann MSP32 | ||
| Belden Hirschmann Rail Switch Power Lite | ||
| Belden Hirschmann Rail Switch Power Smart | ||
| Belden Hirschmann RED25 | ||
| Belden Hirschmann RSP20 | ||
| Belden Hirschmann RSP25 | ||
| Belden Hirschmann RSP30 | ||
| Belden Hirschmann RSP35 | ||
| Belden Hirschmann RSP-E30 | ||
| Belden Hirschmann RSPE32 | ||
| Belden Hirschmann RSPE35 | ||
| Belden Hirschmann RSPE37 | ||
| Belden Hirschmann HIOS | <=07.5.01 | |
| Belden Hirschmann MSP40 | ||
| Belden Hirschmann Octopus | ||
| Belden Hirschmann HIOS | <=07.2.04 | |
| Belden Hirschmann Dragon MACH4000 | ||
| Belden Hirschmann Dragon MACH4500 | ||
| Belden Hirschmann HIOS | <=05.3.06 | |
| Eagle One | ||
| Belden Eagle 20 Tofino | ||
| Belden Hirschmann Eagle30 | ||
| Garrettcom Magnum DX940E | <=1.0.1_y7 | |
| Garrettcom Magnum DX940E |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009
- https://security.netapp.com/advisory/ntap-20190802-0001/
- https://support.f5.com/csp/article/K41190253
- https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12263
- https://support2.windriver.com/index.php?page=security-notices
- https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
Frequently Asked Questions
What is the severity of CVE-2019-12263?
CVE-2019-12263 is rated as a critical severity vulnerability due to its potential to cause a buffer overflow in the TCP component of Wind River VxWorks.
How do I fix CVE-2019-12263?
To mitigate CVE-2019-12263, users should apply the latest patches and updates provided by Wind River for affected versions of VxWorks.
Which versions of Wind River VxWorks are affected by CVE-2019-12263?
CVE-2019-12263 affects Wind River VxWorks versions 6.5 through 6.9.4.12 and version 7.0.
What type of vulnerability is CVE-2019-12263?
CVE-2019-12263 is a buffer overflow vulnerability stemming from a race condition in the TCP Urgent Pointer handling.
Are there any workarounds for CVE-2019-12263?
As a temporary measure, restricting network access or disabling services that rely on the TCP URG flag could mitigate risks related to CVE-2019-12263.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/weakness
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/windriver
- canonical/wind river vxworks
- version/wind river vxworks/6.5
- version/wind river vxworks/7.0
- vendor/sonicwall
- canonical/sonicwall sonicos
- version/sonicwall sonicos/5.9.0.0
- version/sonicwall sonicos/5.9.0.7
- version/sonicwall sonicos/5.9.1.0.
- version/sonicwall sonicos/5.9.1.12
- version/sonicwall sonicos/6.2.0.0
- version/sonicwall sonicos/6.2.3.1
- version/sonicwall sonicos/6.2.4.0
- version/sonicwall sonicos/6.2.4.3
- version/sonicwall sonicos/6.2.5.0
- version/sonicwall sonicos/6.2.5.3
- version/sonicwall sonicos/6.2.6.0
- version/sonicwall sonicos/6.2.6.1
- version/sonicwall sonicos/6.2.7.0
- version/sonicwall sonicos/6.2.7.4
- version/sonicwall sonicos/6.2.9.0
- version/sonicwall sonicos/6.2.9.2
- version/sonicwall sonicos/6.5.0.0
- version/sonicwall sonicos/6.5.0.3
- version/sonicwall sonicos/6.5.1.0
- version/sonicwall sonicos/6.5.1.4
- version/sonicwall sonicos/6.5.2.0
- version/sonicwall sonicos/6.5.2.3
- version/sonicwall sonicos/6.5.3.0
- version/sonicwall sonicos/6.5.3.3
- version/sonicwall sonicos/6.5.4.0.
- version/sonicwall sonicos/6.5.4.3
- version/sonicwall sonicos/6.2.7.1
- version/sonicwall sonicos/6.2.7.7
- vendor/siemens
- canonical/siemens siprotec firmware
- vendor/netapp
- canonical/netapp e-series santricity os controller
- version/netapp e-series santricity os controller/8.00
- version/netapp e-series santricity os controller/8.40.50.00
- canonical/siemens 9410 power meter firmware
- canonical/siemens 9810 power meter firmware
- canonical/siemens 9810 power meter
- canonical/siemens ruggedcom win7000
- canonical/siemens ruggedcom win7000 firmware
- canonical/siemens ruggedcom win7018 firmware
- canonical/siemens ruggedcom win7025 firmware
- canonical/siemens ruggedcom win7200 firmware
- vendor/belden
- canonical/belden hirschmann hios
- version/belden hirschmann hios/07.0.07
- canonical/belden hirschmann ees20
- canonical/belden hirschmann ees25
- canonical/belden hirschmann eesx20
- canonical/belden hirschmann eesx30
- canonical/belden hirschmann grs1020
- canonical/belden hirschmann grs1030
- canonical/belden hirschmann grs1042
- canonical/belden hirschmann grs1120
- canonical/belden hirschmann grs1130
- canonical/belden hirschmann grs1142
- canonical/belden hirschmann msp30
- canonical/belden hirschmann msp32
- canonical/belden hirschmann rail switch power lite
- canonical/belden hirschmann rail switch power smart
- canonical/belden hirschmann red25
- canonical/belden hirschmann rsp20
- canonical/belden hirschmann rsp25
- canonical/belden hirschmann rsp30
- canonical/belden hirschmann rsp35
- canonical/belden hirschmann rsp-e30
- canonical/belden hirschmann rspe32
- canonical/belden hirschmann rspe35
- canonical/belden hirschmann rspe37
- version/belden hirschmann hios/07.5.01
- canonical/belden hirschmann msp40
- canonical/belden hirschmann octopus
- version/belden hirschmann hios/07.2.04
- canonical/belden hirschmann dragon mach4000
- canonical/belden hirschmann dragon mach4500
- version/belden hirschmann hios/05.3.06
- canonical/eagle one
- canonical/belden eagle 20 tofino
- canonical/belden hirschmann eagle30
- canonical/garrettcom magnum dx940e
- version/garrettcom magnum dx940e/1.0.1_y7