CVE-2019-12258

HIGH

URGENT/11 Scanner, Based on Detection Tool by Armis

Title source: metasploit

Description

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options.

Exploits (1)

metasploit SCANNER

by Ben Seri, Brent Cook, wvu · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/vxworks/urgent11_check.rb

View Code ZIP pw:eip

References (9)

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

[Third Party Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-632562.pdf

[Third Party Advisory] https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0009

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20190802-0001/

[Third Party Advisory] https://support.f5.com/csp/article/K41190253

[Vendor Advisory] https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12258

[Issue Tracking, Vendor Advisory] https://support2.windriver.com/index.php?page=security-notices

[Vendor Advisory] https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Scores

CVSS v3 7.5

EPSS 0.1164

EPSS Percentile 93.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-384

Status published

Products (17)

belden/garrettcom_magnum_dx940e_firmware < 1.0.1_y7

belden/hirschmann_hios < 07.0.07

netapp/e-series_santricity_os_controller 8.00 - 8.40.50.00

siemens/power_meter_9410_firmware < 2.2.1

siemens/power_meter_9810_firmware

siemens/ruggedcom_win7000_firmware < bs5.2.461.17

siemens/ruggedcom_win7018_firmware < bs5.2.461.17

siemens/ruggedcom_win7025_firmware < bs5.2.461.17

siemens/ruggedcom_win7200_firmware < bs5.2.461.17

siemens/siprotec_5_firmware < 7.59

... and 7 more

Published Aug 09, 2019

Tracked Since Feb 18, 2026