CVE-2019-12262

moderate-risk

Published 2019-08-14

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw).

Do I need to act?

0.16% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (11)

Vxworks

Hirschmann Hios

Garrettcom Magnum Dx940E Firmware

Ruggedcom Win7000 Firmware

Ruggedcom Win7018 Firmware

Ruggedcom Win7025 Firmware

Ruggedcom Win7200 Firmware

Affected Vendors

Windriver Siemens Belden

References (8)

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Third Party Advisory https://support.f5.com/csp/article/K41190253

Vendor Advisory https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-352504.pdf

Third Party Advisory https://support.f5.com/csp/article/K41190253

Vendor Advisory https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12262

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 16/34 · Moderate