CVE-2010-2965

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.

El servicio WDB target agent debug en Wind River VxWorks v6.x, v5.x, y anteriores, como los usados en el Rockwell Automation 1756-ENBT serie A con firmware v3.2.6 y v3.6.1 y otros productos, permiten a atacantes remotos leer o modificar a su elección direcciones de memoria, realizar llamdas a funciones, o administrar tareas a través de peticiones UDP al puerto 17185, relacionado con el comportamiento de CVE-2005-3804.

*Credits: N/A

CVSS Scores

NISTv2 10.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-08-04 CVE Reserved
2010-08-04 CVE Published
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-863: Incorrect Authorization

CAPEC

References (4)

URL	Tag	Source
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html	Not Applicable
http://www.kb.cert.org/vuls/id/362332	Third Party Advisory
http://www.kb.cert.org/vuls/id/MAPG-86EPFA	Third Party Advisory
http://www.kb.cert.org/vuls/id/MAPG-86FPQL	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rockwellautomation Search vendor "Rockwellautomation"	1756-enbt\/a Firmware Search vendor "Rockwellautomation" for product "1756-enbt\/a Firmware"	3.2.6 Search vendor "Rockwellautomation" for product "1756-enbt\/a Firmware" and version "3.2.6"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1756-enbt\/a Search vendor "Rockwellautomation" for product "1756-enbt\/a"	-	-	Safe
Rockwellautomation Search vendor "Rockwellautomation"	1756-enbt\/a Firmware Search vendor "Rockwellautomation" for product "1756-enbt\/a Firmware"	3.6.1 Search vendor "Rockwellautomation" for product "1756-enbt\/a Firmware" and version "3.6.1"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1756-enbt\/a Search vendor "Rockwellautomation" for product "1756-enbt\/a"	-	-	Safe
Windriver Search vendor "Windriver"	Vxworks Search vendor "Windriver" for product "Vxworks"	<= 6.9.4.12 Search vendor "Windriver" for product "Vxworks" and version " <= 6.9.4.12"	-	Affected	in	Rockwellautomation Search vendor "Rockwellautomation"	1756-enbt\/a Search vendor "Rockwellautomation" for product "1756-enbt\/a"	-	-	Safe