CVE-2019-12257

Summary

CVE	CVE-2019-12257
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-08-09 18:15:00 UTC
Updated	2022-08-16 12:59:00 UTC
Description	Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. There is an IPNET security vulnerability: Heap overflow in DHCP Offer/ACK parsing inside ipdhcpc.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Belden	Garrettcom Magnum Dx940e	-	All	All	All
Operating System	Belden	Garrettcom Magnum Dx940e Firmware	All	All	All	All
Hardware	Belden	Hirschmann Dragon Mach4000	-	All	All	All
Hardware	Belden	Hirschmann Dragon Mach4500	-	All	All	All
Hardware	Belden	Hirschmann Eagle20	-	All	All	All
Hardware	Belden	Hirschmann Eagle30	-	All	All	All
Hardware	Belden	Hirschmann Eagle One	-	All	All	All
Hardware	Belden	Hirschmann Ees20	-	All	All	All
Hardware	Belden	Hirschmann Ees25	-	All	All	All
Hardware	Belden	Hirschmann Eesx20	-	All	All	All
Hardware	Belden	Hirschmann Eesx30	-	All	All	All
Hardware	Belden	Hirschmann Grs1020	-	All	All	All
Hardware	Belden	Hirschmann Grs1030	-	All	All	All
Hardware	Belden	Hirschmann Grs1042	-	All	All	All
Hardware	Belden	Hirschmann Grs1120	-	All	All	All
Hardware	Belden	Hirschmann Grs1130	-	All	All	All
Hardware	Belden	Hirschmann Grs1142	-	All	All	All
Operating System	Belden	Hirschmann Hios	All	All	All	All
Operating System	Belden	Hirschmann Hios	All	All	All	All
Operating System	Belden	Hirschmann Hios	All	All	All	All
Operating System	Belden	Hirschmann Hios	All	All	All	All
Hardware	Belden	Hirschmann Msp30	-	All	All	All
Hardware	Belden	Hirschmann Msp32	-	All	All	All
Hardware	Belden	Hirschmann Msp40	-	All	All	All
Hardware	Belden	Hirschmann Octopus Os3	-	All	All	All
Hardware	Belden	Hirschmann Rail Switch Power Lite	-	All	All	All
Hardware	Belden	Hirschmann Rail Switch Power Smart	-	All	All	All
Hardware	Belden	Hirschmann Red25	-	All	All	All
Hardware	Belden	Hirschmann Rsp20	-	All	All	All
Hardware	Belden	Hirschmann Rsp25	-	All	All	All
Hardware	Belden	Hirschmann Rsp30	-	All	All	All
Hardware	Belden	Hirschmann Rsp35	-	All	All	All
Hardware	Belden	Hirschmann Rspe30	-	All	All	All
Hardware	Belden	Hirschmann Rspe32	-	All	All	All
Hardware	Belden	Hirschmann Rspe35	-	All	All	All
Hardware	Belden	Hirschmann Rspe37	-	All	All	All
Operating System	Netap	E-series Santricity Os Controller	All	All	All	All
Operating System	Netapp	E-series Santricity Os Controller	All	All	All	All
Hardware	Siemens	Ruggedcom Win7000	-	All	All	All
Operating System	Siemens	Ruggedcom Win7000 Firmware	All	All	All	All
Hardware	Siemens	Ruggedcom Win7018	-	All	All	All
Operating System	Siemens	Ruggedcom Win7018 Firmware	All	All	All	All
Hardware	Siemens	Ruggedcom Win7025	-	All	All	All
Operating System	Siemens	Ruggedcom Win7025 Firmware	All	All	All	All
Hardware	Siemens	Ruggedcom Win7200	-	All	All	All
Operating System	Siemens	Ruggedcom Win7200 Firmware	All	All	All	All
Hardware	Siemens	Siprotec 5	-	All	All	All
Operating System	Siemens	Siprotec 5	-	All	All	All
Operating System	Siemens	Siprotec 5	-	All	All	All
Operating System	Siemens	Siprotec 5 Firmware	All	All	All	All
Operating System	Siemens	Siprotec 5 Firmware	All	All	All	All
Operating System	Siemens	Siprotec 5 Firmware	All	All	All	All
Operating System	Siemens	Siprotec 5 Firmware	All	All	All	All
Operating System	Sonicwall	Sonicos	6.2.7.0	All	All	All
Operating System	Sonicwall	Sonicos	6.2.7.1	All	All	All
Operating System	Sonicwall	Sonicos	6.2.7.7	All	All	All
Operating System	Sonicwall	Sonicos	6.2.7.0	All	All	All
Operating System	Sonicwall	Sonicos	6.2.7.1	All	All	All
Operating System	Sonicwall	Sonicos	6.2.7.7	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Sonicwall	Sonicos	All	All	All	All
Operating System	Windriver	Vxworks	All	All	All	All
Operating System	Windriver	Vxworks	All	All	All	All

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf	CONFIRM	cert-portal.siemens.com	Third Party Advisory
Security Advisory	CONFIRM	psirt.global.sonicwall.com	Third Party Advisory
Safety and Security Notices - Wind River Support Network	MISC	support2.windriver.com	Issue Tracking, Vendor Advisory
cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf	CONFIRM	cert-portal.siemens.com
August 2019 VxWorks TCP/IP Stack (IPNET) Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com	Third Party Advisory
SECURITY VULNERABILITY RESPONSE INFORMATION - TCP/IP Network Stack (IPnet, Urgent/11)	CONFIRM	www.windriver.com	Vendor Advisory
CVE-2019-12257 - Wind River Support Network	CONFIRM	support2.windriver.com	Vendor Advisory
support.f5.com/csp/article/K41190253	CONFIRM	support.f5.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

590639 Siemens RUGGEDCOM Win Transmission Control Protocol (TCP) URGENT/11 Multiple Vulnerabilities (SSA-189842)
591308 ABB AFS66x WindRiver VxWorks IPNet Multiple Vulnerabilities (ABBVU-PGGA-AFS66X-0252019)
591385 Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI5000 Transmission Control Protocol/Internet Protocol (TCP/IP) function Multiple Vulnerabilities (2019-003)