CVE-2015-3963

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01	Patch Third Party Advisory
http://www.securityfocus.com/bid/75302	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032730	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033181	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A	Third Party Advisory US Government Resource
https://security.netapp.com/advisory/ntap-20160324-0001/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:windriver:vxworks::::::::
	cpe:2.3:o:windriver:vxworks::::::::
	cpe:2.3:o:windriver:vxworks::::::::
	cpe:2.3:o:windriver:vxworks::::::::
	cpe:2.3:o:windriver:vxworks:6.6.3::::cert:::
	cpe:2.3:o:windriver:vxworks:6.6.4::::cert:::
	cpe:2.3:o:windriver:vxworks:6.6.4.1::::cert:::
	cpe:2.3:o:windriver:vxworks:7.0:::::::*

OR	cpe:2.3:h:schneider-electric:sage_1210:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1230:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1250:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1310:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1330:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1350:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1410:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1430:-:::::::*
	cpe:2.3:h:schneider-electric:sage_1450:-:::::::*
	cpe:2.3:h:schneider-electric:sage_2200:-:::::::*
	cpe:2.3:h:schneider-electric:sage_2400:-:::::::*
	cpe:2.3:h:schneider-electric:sage_3030:-:::::::*
	cpe:2.3:h:schneider-electric:sage_3030_magnum:-:::::::*

History

22 Jul 2021, 13:09

Type	Values Removed	Values Added
References	~~(CONFIRM) http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01 - Patch~~	(CONFIRM) http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01 - Patch, Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id/1033181 -~~	(SECTRACK) http://www.securitytracker.com/id/1033181 - Third Party Advisory, VDB Entry
References	~~(BID) http://www.securityfocus.com/bid/75302 -~~	(BID) http://www.securityfocus.com/bid/75302 - Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20160324-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20160324-0001/ - Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id/1032730 -~~	(SECTRACK) http://www.securitytracker.com/id/1032730 - Third Party Advisory, VDB Entry
References	~~(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A -~~	(MISC) https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A - Third Party Advisory, US Government Resource
CPE	cpe:2.3:h:schneider-electic:sage_2200_rtu:::::::: cpe:2.3:o:windriver:vxworks:6.8:::::::* cpe:2.3:h:schneider-electic:sage_1330_rtu:::::::: cpe:2.3:h:schneider-electic:sage_1210_rtu:::::::: cpe:2.3:h:schneider-electic:sage_1450_rtu:::::::: cpe:2.3:o:windriver:vxworks:6.9.3:::::::* cpe:2.3:h:schneider-electic:sage_1410_rtu:::::::: cpe:2.3:o:windriver:vxworks:6.7:::::::* cpe:2.3:o:windriver:vxworks:6.6:::::::* cpe:2.3:h:schneider-electic:sage_1310_rtu:::::::: cpe:2.3:h:schneider-electic:sage_3030_rtu:::::::: cpe:2.3:h:schneider-electic:sage_1230_rtu:::::::: cpe:2.3:h:schneider-electic:sage_1250_rtu:::::::: cpe:2.3:h:schneider-electic:sage_1350_rtu:::::::: cpe:2.3:h:schneider-electic:sage_2400_rtu:::::::: cpe:2.3:h:schneider-electic:sage_1430_rtu:::::::: cpe:2.3:o:windriver:vxworks:6.5:::::::* cpe:2.3:h:schneider-electic:sage_3030_magnum_rtu:::::::: cpe:2.3:o:windriver:vxworks:6.9.4:::::::* cpe:2.3:o:windriver:vxworks:6.9:::::::*	cpe:2.3:h:schneider-electric:sage_1330:-:::::::* cpe:2.3:h:schneider-electric:sage_1230:-:::::::* cpe:2.3:h:schneider-electric:sage_3030:-:::::::* cpe:2.3:h:schneider-electric:sage_1250:-:::::::* cpe:2.3:h:schneider-electric:sage_2400:-:::::::* cpe:2.3:o:windriver:vxworks:6.6.3::::cert::: cpe:2.3:h:schneider-electric:sage_1310:-:::::::* cpe:2.3:h:schneider-electric:sage_1410:-:::::::* cpe:2.3:h:schneider-electric:sage_2200:-:::::::* cpe:2.3:h:schneider-electric:sage_3030_magnum:-:::::::* cpe:2.3:h:schneider-electric:sage_1430:-:::::::* cpe:2.3:o:windriver:vxworks:7.0:::::::* cpe:2.3:o:windriver:vxworks:6.6.4::::cert::: cpe:2.3:h:schneider-electric:sage_1350:-:::::::* cpe:2.3:o:windriver:vxworks:6.6.4.1::::cert::: cpe:2.3:h:schneider-electric:sage_1450:-:::::::* cpe:2.3:h:schneider-electric:sage_1210:-:::::::*
CWE	~~CWE-20~~	CWE-330

Information

Published : 2015-08-04 01:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-3963

Mitre link : CVE-2015-3963

CVE.ORG link : CVE-2015-3963

JSON object : View

Products Affected

schneider-electric

sage_2200
sage_3030
sage_1330
sage_1430
sage_3030_magnum
sage_1310
sage_2400
sage_1350
sage_1230
sage_1450
sage_1410
sage_1250
sage_1210

windriver

vxworks

CWE

CWE-330

Use of Insufficiently Random Values

5.8 /10