CVSS: 9.8EPSS: 21%CPEs: 72EXPL: 0CVE-2019-12260
https://notcve.org/view.php?id=CVE-2019-12260
09 Aug 2019 — Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. Wind River VxWorks versiones 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 2 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer causada por una opción AO de TCP malformada. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 11%CPEs: 71EXPL: 1CVE-2019-12258 – URGENT/11 Scanner, Based on Detection Tool by Armis
https://notcve.org/view.php?id=CVE-2019-12258
09 Aug 2019 — Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. Wind River VxWorks versiones 6.6 hasta vx7, presenta una Fijación de Sesión en el componente TCP. Se trata de una vulnerabilidad de seguridad de IPNET: DoS de la conexión TCP por medio de opciones TCP malformadas. • https://packetstorm.news/files/id/180933 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 76%CPEs: 72EXPL: 4CVE-2019-12255 – VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
https://notcve.org/view.php?id=CVE-2019-12255
09 Aug 2019 — Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks presenta un desbordamiento de búfer en el componente TCP (problema 1 de 4). Esta es una vulnerabilidad de seguridad de IPNET: TCP Urgent Pointer = 0 que conduce a un desbordamiento de enteros. VxWorks version 6.8 suffers from an integer underflow vulnerability. • https://packetstorm.news/files/id/154022 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 4%CPEs: 73EXPL: 0CVE-2019-12265
https://notcve.org/view.php?id=CVE-2019-12265
09 Aug 2019 — Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. Wind River VxWorks versiones 6.5, 6.6, 6.7, 6.8, 6.9.3 y 6.9.4, presenta una Pérdida de Memoria en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: Un filtrado de información de IGMP por medio de un reporte de membresía específico de IGMPv3. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 1%CPEs: 71EXPL: 0CVE-2019-12263
https://notcve.org/view.php?id=CVE-2019-12263
09 Aug 2019 — Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. Wind River VxWorks versiones 6.9.4 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 4 de 4). Se presenta una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer debido a una condición de carrera. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 9%CPEs: 74EXPL: 0CVE-2019-12259
https://notcve.org/view.php?id=CVE-2019-12259
09 Aug 2019 — Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. Wind River VxWorks versiones 6.6, 6.7 , 6.8, 6.9 y vx7, presenta un error de índice de matriz en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: DoS por medio de una desreferencia de NULL en el análisis IGMP. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 8%CPEs: 70EXPL: 0CVE-2019-12256
https://notcve.org/view.php?id=CVE-2019-12256
09 Aug 2019 — Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. There is an IPNET security vulnerability: Stack overflow in the parsing of IPv4 packets’ IP options. Wind River VxWorks 6.9 y vx7 tiene un desbordamiento de búfer en el componente IPv4. Existe una vulnerabilidad de seguridad IPNET: desbordamiento de pila en el análisis de las opciones IP de los paquetes IPv4. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 14%CPEs: 66EXPL: 0CVE-2019-12257
https://notcve.org/view.php?id=CVE-2019-12257
09 Aug 2019 — Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc. Wind River VxWorks versiones 6.6 y 6.9, presenta un Desbordamiento de Búfer en el componente cliente DHCP. Se presenta una vulnerabilidad de seguridad de IPNET: Desbordamiento de la pila en análisis Offer/ACK de DHCP dentro de ipdhcpc. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2019-10938
https://notcve.org/view.php?id=CVE-2019-10938
02 Aug 2019 — A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power Meters Series 9810 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation... • https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2019-10930
https://notcve.org/view.php?id=CVE-2019-10930
11 Jul 2019 — A vulnerability has been identified in All other SIPROTEC 5 device types with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions ), DIGSI 5 engineering software (All versions < V7.90), SIPROTEC 5 device types 6MD85, 6MD86, 6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87, 7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86, 7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82, 7UT85, 7UT86, 7UT87 and 7VE85 with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All ve... • https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-552: Files or Directories Accessible to External Parties •