CVE-2016-20009
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Un desbordamiento del búfer en la región stack de la memoria del cliente DNS en la función ipdnsc_decode_name() afecta a Wind River VxWorks versiones 6.5 hasta 7. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-03-11 CVE Reserved
- 2021-03-11 CVE Published
- 2024-07-14 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-553445.pdf | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Sgt-100 Firmware Search vendor "Siemens" for product "Sgt-100 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Sgt-100 Search vendor "Siemens" for product "Sgt-100" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sgt-200 Firmware Search vendor "Siemens" for product "Sgt-200 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Sgt-200 Search vendor "Siemens" for product "Sgt-200" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sgt-300 Firmware Search vendor "Siemens" for product "Sgt-300 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Sgt-300 Search vendor "Siemens" for product "Sgt-300" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sgt-400 Firmware Search vendor "Siemens" for product "Sgt-400 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Sgt-400 Search vendor "Siemens" for product "Sgt-400" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sgt-a20 Firmware Search vendor "Siemens" for product "Sgt-a20 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Sgt-a20 Search vendor "Siemens" for product "Sgt-a20" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sgt-a35 Firmware Search vendor "Siemens" for product "Sgt-a35 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Sgt-a35 Search vendor "Siemens" for product "Sgt-a35" | - | - |
Safe
|
| Siemens Search vendor "Siemens" | Sgt-a65 Firmware Search vendor "Siemens" for product "Sgt-a65 Firmware" | * | - |
Affected
| in | Siemens Search vendor "Siemens" | Sgt-a65 Search vendor "Siemens" for product "Sgt-a65" | - | - |
Safe
|
| Windriver Search vendor "Windriver" | Vxworks Search vendor "Windriver" for product "Vxworks" | >= 6.5 <= 7.0 Search vendor "Windriver" for product "Vxworks" and version " >= 6.5 <= 7.0" | - |
Affected
| ||||||
* End Of Life in some or all products. Do not expect updates.