IM
IronMonkey Threat Research

CVE-2015-3963 MEDIUM

Published: 2015-08-04 | Last Modified: 2026-06-17 | Status: Modified

Description

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Additional Descriptions (1)

Vulnerabilidad en Wind River VxWorks en versiones anteriores a 5.5.1, 6.5.x hasta la versión 6.7.x en versiones anteriores a 6.7.1.1, 6.8.x hasta la versión 6.8.3, 6.9.x en versiones anteriores a 6.9.4.4 y 7.x en versiones anteriores a 7 ipnet_coreip 1.2.2.0, tal como se utiliza en dispositivos Schneider Electric SAGE RTU en versiones anteriores a J2 y otros dispositivos, no genera correctamente valores del número inicial de secuencia (ISN) de TCP, lo que hace que sea más fácil para los atacantes remotos falsificar las sesiones TCP al predecir un valor ISN.

CVSS Metrics

Base Score: 5.8 (MEDIUM)

AV:N/AC:M/Au:N/C:N/I:P/A:P

Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 4.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-330

Affected Products

Vendor Product Version Update Type
windriver vxworks * <built-in method update of dict object at 0x72a9b0c20800> Operating System
windriver vxworks * <built-in method update of dict object at 0x72a9b0c23380> Operating System
windriver vxworks * <built-in method update of dict object at 0x72a9b0e0eb00> Operating System
windriver vxworks * <built-in method update of dict object at 0x72a9e4157f80> Operating System
windriver vxworks 6.6.3 <built-in method update of dict object at 0x72a9b0c21800> Operating System
windriver vxworks 6.6.4 <built-in method update of dict object at 0x72a9b0c20e00> Operating System
windriver vxworks 6.6.4.1 <built-in method update of dict object at 0x72a9b0a7aa40> Operating System
windriver vxworks 7.0 <built-in method update of dict object at 0x72a9b0a7a180> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:windriver:vxworks:6.6.3:*:*:*:cert:*:*:*
Yes cpe:2.3:o:windriver:vxworks:6.6.4:*:*:*:cert:*:*:*
Yes cpe:2.3:o:windriver:vxworks:6.6.4.1:*:*:*:cert:*:*:*
Yes cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:schneider-electric:sage_1210:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1230:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1250:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1310:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1330:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1350:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_2200:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_3030:-:*:*:*:*:*:*:*
No cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*

References

Notification
Message here