CVE-2019-12264

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.

CVSS v3 7.1 HIGH
CVSS v2.0 4.8 MEDIUM

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

4.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 6.5 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	Third Party Advisory
https://support.f5.com/csp/article/K41190253	Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us	Third Party Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264	Vendor Advisory
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:windriver:vxworks:6.6:::::::*
	cpe:2.3:o:windriver:vxworks:6.7:::::::*
	cpe:2.3:o:windriver:vxworks:6.8:::::::*
	cpe:2.3:o:windriver:vxworks:6.9.3:::::::*
	cpe:2.3:o:windriver:vxworks:6.9.4:::::::*
	cpe:2.3:o:windriver:vxworks:7.0:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_ees20:-:::::::*
	cpe:2.3:h:belden:hirschmann_ees25:-:::::::*
	cpe:2.3:h:belden:hirschmann_eesx20:-:::::::*
	cpe:2.3:h:belden:hirschmann_eesx30:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1020:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1030:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1042:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1120:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1130:-:::::::*
	cpe:2.3:h:belden:hirschmann_grs1142:-:::::::*
	cpe:2.3:h:belden:hirschmann_msp30:-:::::::*
	cpe:2.3:h:belden:hirschmann_msp32:-:::::::*
	cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:::::::*
	cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:::::::*
	cpe:2.3:h:belden:hirschmann_red25:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp20:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp25:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp30:-:::::::*
	cpe:2.3:h:belden:hirschmann_rsp35:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe30:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe32:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe35:-:::::::*
	cpe:2.3:h:belden:hirschmann_rspe37:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_msp40:-:::::::*
	cpe:2.3:h:belden:hirschmann_octopus_os3:-:::::::*

Configuration 4 (hide)

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_dragon_mach4000:-:::::::*
	cpe:2.3:h:belden:hirschmann_dragon_mach4500:-:::::::*

Configuration 5 (hide)

AND

cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:belden:hirschmann_eagle_one:-:::::::*
	cpe:2.3:h:belden:hirschmann_eagle20:-:::::::*
	cpe:2.3:h:belden:hirschmann_eagle30:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:belden:garrettcom_magnum_dx940e:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_win7000:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_win7018:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_win7025:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:siemens:ruggedcom_win7200:-:*:*:*:*:*:*:*

History

16 Jun 2022, 18:10

Type	Values Removed	Values Added
CPE		cpe:2.3:h:belden:hirschmann_grs1142:-:::::::* cpe:2.3:h:belden:hirschmann_msp40:-:::::::* cpe:2.3:h:belden:hirschmann_octopus_os3:-:::::::* cpe:2.3:h:belden:garrettcom_magnum_dx940e:-:::::::* cpe:2.3:h:belden:hirschmann_rsp20:-:::::::* cpe:2.3:h:belden:hirschmann_rsp25:-:::::::* cpe:2.3:h:belden:hirschmann_dragon_mach4500:-:::::::* cpe:2.3:h:belden:hirschmann_eesx30:-:::::::* cpe:2.3:h:belden:hirschmann_eagle30:-:::::::* cpe:2.3:h:belden:hirschmann_eagle20:-:::::::* cpe:2.3:h:belden:hirschmann_msp32:-:::::::* cpe:2.3:o:siemens:ruggedcom_win7200_firmware:::::::: cpe:2.3:o:belden:hirschmann_hios:::::::: cpe:2.3:h:belden:hirschmann_red25:-:::::::* cpe:2.3:h:belden:hirschmann_dragon_mach4000:-:::::::* cpe:2.3:h:siemens:ruggedcom_win7025:-:::::::* cpe:2.3:h:belden:hirschmann_ees25:-:::::::* cpe:2.3:h:belden:hirschmann_rsp30:-:::::::* cpe:2.3:h:belden:hirschmann_grs1020:-:::::::* cpe:2.3:h:belden:hirschmann_grs1030:-:::::::* cpe:2.3:h:belden:hirschmann_rail_switch_power_smart:-:::::::* cpe:2.3:o:siemens:ruggedcom_win7018_firmware:::::::: cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:::::::: cpe:2.3:h:belden:hirschmann_rspe35:-:::::::* cpe:2.3:h:siemens:ruggedcom_win7200:-:::::::* cpe:2.3:h:belden:hirschmann_msp30:-:::::::* cpe:2.3:h:belden:hirschmann_rspe30:-:::::::* cpe:2.3:h:belden:hirschmann_grs1120:-:::::::* cpe:2.3:h:belden:hirschmann_rspe32:-:::::::* cpe:2.3:h:belden:hirschmann_grs1130:-:::::::* cpe:2.3:h:belden:hirschmann_rspe37:-:::::::* cpe:2.3:h:belden:hirschmann_rsp35:-:::::::* cpe:2.3:h:siemens:ruggedcom_win7018:-:::::::* cpe:2.3:o:siemens:ruggedcom_win7000_firmware:::::::: cpe:2.3:h:belden:hirschmann_ees20:-:::::::* cpe:2.3:h:belden:hirschmann_eagle_one:-:::::::* cpe:2.3:h:siemens:ruggedcom_win7000:-:::::::* cpe:2.3:h:belden:hirschmann_rail_switch_power_lite:-:::::::* cpe:2.3:h:belden:hirschmann_eesx20:-:::::::* cpe:2.3:h:belden:hirschmann_grs1042:-:::::::* cpe:2.3:o:siemens:ruggedcom_win7025_firmware::::::::
References	~~(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf -~~	(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf - Third Party Advisory
References	~~(CONFIRM) https://support.f5.com/csp/article/K41190253 -~~	(CONFIRM) https://support.f5.com/csp/article/K41190253 - Third Party Advisory
References	~~(CONFIRM) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us -~~	(CONFIRM) https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us - Third Party Advisory

07 Sep 2021, 14:41

Type	Values Removed	Values Added
CPE	cpe:2.3:o:windriver:vxworks:7:::::::*	cpe:2.3:o:windriver:vxworks:7.0:::::::*

Information

Published : 2019-08-05 18:15

Updated : 2024-02-04 20:20

NVD link : CVE-2019-12264

Mitre link : CVE-2019-12264

CVE.ORG link : CVE-2019-12264

JSON object : View

Products Affected

belden

hirschmann_grs1120
garrettcom_magnum_dx940e_firmware
hirschmann_rsp20
hirschmann_msp30
hirschmann_eagle_one
garrettcom_magnum_dx940e
hirschmann_eesx30
hirschmann_ees20
hirschmann_rspe30
hirschmann_rspe37
hirschmann_rspe35
hirschmann_grs1042
hirschmann_grs1020
hirschmann_grs1130
hirschmann_eagle20
hirschmann_eagle30
hirschmann_rail_switch_power_smart
hirschmann_rspe32
hirschmann_rsp35
hirschmann_rail_switch_power_lite
hirschmann_msp32
hirschmann_rsp25
hirschmann_eesx20
hirschmann_dragon_mach4000
hirschmann_grs1142
hirschmann_octopus_os3
hirschmann_rsp30
hirschmann_hios
hirschmann_msp40
hirschmann_red25
hirschmann_ees25
hirschmann_grs1030
hirschmann_dragon_mach4500

siemens

ruggedcom_win7200
ruggedcom_win7000
ruggedcom_win7018
ruggedcom_win7000_firmware
ruggedcom_win7200_firmware
ruggedcom_win7018_firmware
ruggedcom_win7025
ruggedcom_win7025_firmware

windriver

vxworks

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

7.1 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

4.8 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-12264

7.1^/10

4.8^/10

Attach tags to `CVE-2019-12264`