CVE-2015-3963

Published Aug 4, 2015

Last updated 3 years ago

Overview

Description: Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
Source: ics-cert@hq.dhs.gov
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-330

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F8C5727-B863-4B2D-896B-B079CC49FEBA",
            "versionEndIncluding": "6.6",
            "versionStartIncluding": "6.5"
          },
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12D324CD-4AAD-484B-BC8D-B0C7A76FC556",
            "versionEndExcluding": "6.7.1.1",
            "versionStartIncluding": "6.7"
          },
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E97899-D5E5-4C4D-A553-B15F1DD31041",
            "versionEndExcluding": "6.8.3",
            "versionStartIncluding": "6.8"
          },
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1DE1FEF-4519-45F6-867D-5248A6B4753C",
            "versionEndExcluding": "6.9.4.4",
            "versionStartIncluding": "6.9"
          },
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:6.6.3:*:*:*:cert:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABFC811A-A440-464A-B5C8-1DB9DEAEEAF1"
          },
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:6.6.4:*:*:*:cert:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A048ED68-46C5-49B3-9A8E-12F90CE1B6FB"
          },
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:6.6.4.1:*:*:*:cert:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44AE1224-EFE0-4BA9-8250-1C4BB2F37301"
          },
          {
            "criteria": "cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4810B35-06F6-4971-BE87-A30B1CF58AA0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1210:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A16A7B3E-0B50-4577-A27C-75422924226C"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1230:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8EA1F2F1-F8C3-427B-AD6F-778AF0193996"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1250:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7A95CFF8-563A-45B1-B038-E9DD1AB5C4D0"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1310:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C9592965-4A3B-4AD8-81F3-EDECC295B567"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1330:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AEC4C5D0-DB9C-419A-B30B-62514DEDE901"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1350:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4D66C8C1-E611-47B1-B9CF-32689F86B392"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02E606BD-92F8-4396-AD13-666D76E1E34D"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97E29CCC-4E21-411E-80DD-545A66E9B042"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66759867-027F-4FA6-ABA6-BFDEE49E8F8D"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_2200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "82032E41-EE2D-4DC4-8420-6BFE92593061"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AA561E2A-4787-48D7-ABBB-26D0D7D24E6F"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_3030:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "88F83471-9806-4169-937E-27BDF3FC5A57"
          },
          {
            "criteria": "cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "453696F2-0F4C-4000-A438-F814D0FC3504"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References