CVE-2019-12255

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow.
References
Link Resource
http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html Exploit Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 Third Party Advisory
https://security.netapp.com/advisory/ntap-20190802-0001/ Third Party Advisory
https://support.f5.com/csp/article/K41190253 Third Party Advisory
https://support.f5.com/csp/article/K41190253?utm_source=f5support&amp%3Butm_medium=RSS
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255 Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices Issue Tracking Vendor Advisory
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/ Vendor Advisory
http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html Exploit Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 Third Party Advisory
https://security.netapp.com/advisory/ntap-20190802-0001/ Third Party Advisory
https://support.f5.com/csp/article/K41190253 Third Party Advisory
https://support.f5.com/csp/article/K41190253?utm_source=f5support&amp%3Butm_medium=RSS
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255 Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices Issue Tracking Vendor Advisory
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/ Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:6.2.7.0:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:6.2.7.1:*:*:*:*:*:*:*
cpe:2.3:o:sonicwall:sonicos:6.2.7.7:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp300
cpe:2.3:h:siemens:siprotec_5:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp200
cpe:2.3:o:siemens:siprotec_5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:siemens:siprotec_5_firmware:*:*:*:*:*:*:*:cp300
cpe:2.3:o:siemens:siprotec_5:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:siemens:power_meter_9410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:power_meter_9410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:siemens:power_meter_9810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:power_meter_9810:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:belden:hirschmann_ees20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_ees25:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eesx20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eesx30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1020:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1030:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1042:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1120:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1130:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1142:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_msp30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_msp32:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_red25:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp25:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp35:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe32:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe35:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe37:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:belden:hirschmann_msp40:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_octopus_os3:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:belden:hirschmann_dragon_mach4000:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_dragon_mach4500:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
OR cpe:2.3:h:belden:hirschmann_eagle_one:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eagle20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eagle30:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:belden:garrettcom_magnum_dx940e:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:22

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/154022/VxWorks-6.8-Integer-Underflow.html - Exploit, Third Party Advisory, VDB Entry
References () https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf - Third Party Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf - Third Party Advisory
References () https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf - Third Party Advisory () https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf - Third Party Advisory
References () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 - Third Party Advisory () https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009 - Third Party Advisory
References () https://security.netapp.com/advisory/ntap-20190802-0001/ - Third Party Advisory () https://security.netapp.com/advisory/ntap-20190802-0001/ - Third Party Advisory
References () https://support.f5.com/csp/article/K41190253 - Third Party Advisory () https://support.f5.com/csp/article/K41190253 - Third Party Advisory
References () https://support.f5.com/csp/article/K41190253?utm_source=f5support&amp%3Butm_medium=RSS - () https://support.f5.com/csp/article/K41190253?utm_source=f5support&amp%3Butm_medium=RSS -
References () https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255 - Vendor Advisory () https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12255 - Vendor Advisory
References () https://support2.windriver.com/index.php?page=security-notices - Issue Tracking, Vendor Advisory () https://support2.windriver.com/index.php?page=security-notices - Issue Tracking, Vendor Advisory
References () https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/ - Vendor Advisory () https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/ - Vendor Advisory

16 Jun 2022, 18:06

Type Values Removed Values Added
CPE cpe:2.3:h:belden:hirschmann_grs1142:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_msp40:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_octopus_os3:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:garrettcom_magnum_dx940e:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp25:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_dragon_mach4500:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eesx30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eagle30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eagle20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_msp32:-:*:*:*:*:*:*:*
cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_red25:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_dragon_mach4000:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_ees25:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1020:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1030:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:*:*:*:*:*:*:*
cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe35:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_msp30:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1120:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe32:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1042:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_grs1130:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe37:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rsp35:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_ees20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eagle_one:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_eesx20:-:*:*:*:*:*:*:*
cpe:2.3:h:belden:hirschmann_rspe30:-:*:*:*:*:*:*:*

10 Feb 2022, 19:50

Type Values Removed Values Added
CWE CWE-119 CWE-120
CPE cpe:2.3:o:netap:e-series_santricity_os_controller:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:power_meter_9410:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:power_meter_9810:-:*:*:*:*:*:*:*
cpe:2.3:h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:*
cpe:2.3:o:siemens:power_meter_9410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:power_meter_9810_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf - Third Party Advisory
References (CONFIRM) https://support.f5.com/csp/article/K41190253?utm_source=f5support&utm_medium=RSS - (CONFIRM) https://support.f5.com/csp/article/K41190253?utm_source=f5support&utm_medium=RSS - Third Party Advisory
References (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf - (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf - Third Party Advisory

Information

Published : 2019-08-09 20:15

Updated : 2024-11-21 04:22


NVD link : CVE-2019-12255

Mitre link : CVE-2019-12255

CVE.ORG link : CVE-2019-12255


JSON object : View

Products Affected

belden

  • hirschmann_grs1142
  • hirschmann_rsp25
  • hirschmann_rspe37
  • hirschmann_rspe30
  • hirschmann_rspe32
  • hirschmann_eesx20
  • hirschmann_red25
  • hirschmann_eagle20
  • hirschmann_rail_switch_power_smart
  • hirschmann_rsp30
  • hirschmann_rspe35
  • garrettcom_magnum_dx940e_firmware
  • hirschmann_dragon_mach4500
  • garrettcom_magnum_dx940e
  • hirschmann_ees25
  • hirschmann_rsp20
  • hirschmann_rail_switch_power_lite
  • hirschmann_grs1120
  • hirschmann_ees20
  • hirschmann_grs1042
  • hirschmann_msp40
  • hirschmann_eagle_one
  • hirschmann_rsp35
  • hirschmann_grs1130
  • hirschmann_eagle30
  • hirschmann_dragon_mach4000
  • hirschmann_hios
  • hirschmann_grs1020
  • hirschmann_grs1030
  • hirschmann_msp30
  • hirschmann_msp32
  • hirschmann_octopus_os3
  • hirschmann_eesx30

siemens

  • ruggedcom_win7200
  • ruggedcom_win7000_firmware
  • power_meter_9410
  • ruggedcom_win7018
  • ruggedcom_win7200_firmware
  • ruggedcom_win7025_firmware
  • siprotec_5
  • siprotec_5_firmware
  • ruggedcom_win7025
  • ruggedcom_win7000
  • power_meter_9410_firmware
  • power_meter_9810
  • power_meter_9810_firmware
  • ruggedcom_win7018_firmware

windriver

  • vxworks

netapp

  • e-series_santricity_os_controller

sonicwall

  • sonicos
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')