CVE-2019-12264
published 2019-08-05CVE-2019-12264: Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.
PriorityP337high7.1CVSS 3.1
AVAACLPRNUINSUCNILAH
EPSS
8.31%
94.2th percentile
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belden | garrettcom_magnum_dx940e_firmware | <= 1.0.1_y7 | — |
| belden | hirschmann_hios | <= 07.0.07 | — |
| belden | hirschmann_hios | <= 07.5.01 | — |
| belden | hirschmann_hios | <= 07.2.04 | — |
| belden | hirschmann_hios | <= 05.3.06 | — |
| siemens | ruggedcom_win7000_firmware | < bs5.2.461.17 | bs5.2.461.17 |
| siemens | ruggedcom_win7018_firmware | < bs5.2.461.17 | bs5.2.461.17 |
| siemens | ruggedcom_win7025_firmware | < bs5.2.461.17 | bs5.2.461.17 |
| siemens | ruggedcom_win7200_firmware | < bs5.2.461.17 | bs5.2.461.17 |
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
| windriver | vxworks | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
nvdv2.04.8MEDIUMAV:A/AC:L/Au:N/C:N/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Interpeak IPnet TCP/IP Stack (Update E)
cisa_ics·2024-09-24·CVSS 9.8
[CRITICAL] Interpeak IPnet TCP/IP Stack (Update E)
ICS Advisory
##
Interpeak IPnet TCP/IP Stack (Update E)
Last RevisedSeptember 24, 2024
Alert CodeICSA-19-274-01
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: ENEA, Green Hills Software, ITRON, IP Infusion, Wind River
- Equipment: OSE by ENEA, INTEGRITY RTOS by Green Hills Software, ITRON, ZebOS by IP Infusion, and VxWorks by Wind River
- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow (Wrap or Wraparound), Improper Restriction of Operations within the Bounds of a Memory Buffer, Concurrent Execution using Shared Resource with Improp
CISA ICS
Wind River VxWorks (Update A)
cisa_ics·2019-07-30·CVSS 9.8
[CRITICAL] Wind River VxWorks (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Wind River VxWorks (Update A)
Last RevisedOctober 05, 2020
Alert CodeICSA-19-211-01
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low skill level to exploit
- Vendor: Wind River
- Equipment: VxWorks
- Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Condition or Modification, Null Pointer Dereference, Argument Injection or Modification
## 2. UPDATE INFORMATION
This updated advisory is a follow-up to the orig
GHSA
GHSA-7975-fjpp-fmh7: Wind River VxWorks 6
ghsa_unreviewed·2022-05-24
CVE-2019-12264 [HIGH] CWE-88 GHSA-7975-fjpp-fmh7: Wind River VxWorks 6
Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ?ipdhcpc DHCP client component.
No detection rules found.
No public exploits indexed.
Unit42
Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
blogs_unit42·2022-03-02
Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
Threat Research Center
Threat Research
Vulnerabilities
## Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
Aveek Das
Published: March 2, 2022
Threat Research
Vulnerabilities
Healthcare
IoMT
IoT
## Executive Summary
Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients. This topic is of critical concern because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data.
We reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for
Unit42
Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
blogs_unit42·2022-03-02
Know Your Infusion Pump Vulnerabilities and Secure Your Healthcare Organization
## Executive Summary
Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients. This topic is of critical concern because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data.
We reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for Healthcare from Palo Alto Networks. An alarming 75 percent of infusion pumps scanned had known security gaps that put them at heightened risk of being compromised by attackers. These shortcomings included exposure to one or more of some 40
Tenable
Critical Vulnerabilities Dubbed URGENT/11 Place Devices Running VxWorks at Risk of RCE Attacks
blogs_tenable·2019-07-29
Critical Vulnerabilities Dubbed URGENT/11 Place Devices Running VxWorks at Risk of RCE Attacks
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
arXiv
FuzzBox: Blending Fuzzing into Emulation for Binary-Only Embedded Targets
arxiv_fulltext·2025-09-06
FuzzBox: Blending Fuzzing into Emulation for Binary-Only Embedded Targets
[FuzzBox: Blending Fuzzing into Emulation \ Binary-Only Embedded Targets]FuzzBox: Blending Fuzzing into Emulation for Binary-Only Embedded Targets
Carmine Cesarano\carmine.cesarano2, roberto.natella\@unina.it
Roberto Natella
DIETI, Università degli Studi di Napoli Federico II, Naples, Italy
Coverage-guided fuzzing has been widely applied to address zero-day vulnerabilities in general-purpose software and operating systems. This approach relies on instrumenting the target code at compile time. However, applying it to industrial systems remains challenging, due to proprietary and closed-source compiler toolchains and lack of access to source code. addresses these limitations by integrating emulation with fuzzing: it dynamically instruments code during execution in a virtualized environme
Bugzilla
CVE-2018-12264 exiv2: integer overflow in getData function in preview.cpp
bugzilla·2018-06-13·CVSS 8.8
CVE-2018-12264 [HIGH] CVE-2018-12264 exiv2: integer overflow in getData function in preview.cpp
CVE-2018-12264 exiv2: integer overflow in getData function in preview.cpp
A flaw was found in Exiv2 0.26. An integer overflow in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp.
References:
https://github.com/Exiv2/exiv2/issues/366
https://github.com/TeamSeri0us/pocs/blob/master/exiv2/2-out-of-read-Poc
Patch:
https://github.com/Exiv2/exiv2/commit/341de4500ab993103c215bfb07d43d4a08654ac4
Discussion:
Created exiv2 tracking bugs for this issue:
Affects: fedora-all [bug 1590995]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101
---
This bug is now closed. Further updates for individual products will be reflect
https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfhttps://support.f5.com/csp/article/K41190253https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_ushttps://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdfhttps://support.f5.com/csp/article/K41190253https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_ushttps://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
2019-08-05
Published