Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P
Vendors Products
Schneider-electric
  • Sage 1330
  • Sage 1350
  • Sage 3030
  • Sage 2400
  • Sage 1250
  • Sage 1310
  • Sage 1450
  • Sage 1430
  • Sage 2200
  • Sage 1230
  • Sage 3030 Magnum
  • Sage 1210
  • Sage 1410
Windriver
  • Vxworks

Configuration 1 [-]

AND
OR cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*
cpe:2.3:o:windriver:vxworks:6.6.3:*:*:*:cert:*:*:*
cpe:2.3:o:windriver:vxworks:6.6.4:*:*:*:cert:*:*:*
cpe:2.3:o:windriver:vxworks:6.6.4.1:*:*:*:cert:*:*:*
cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*
OR cpe:2.3:h:schneider-electric:sage_1210:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1230:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1250:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1310:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1330:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1350:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2200:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030:-:*:*:*:*:*:*:*
cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*
References
Link Resource
http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01 Patch Third Party Advisory
http://www.securityfocus.com/bid/75302 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032730 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033181 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01 Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A Third Party Advisory US Government Resource
https://security.netapp.com/advisory/ntap-20160324-0001/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2015-08-04T01:00:00

Updated: 2017-11-09T10:57:01

Reserved: 2015-05-12T00:00:00

Link: CVE-2015-3963

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2015-08-04T01:59:07.357

Modified: 2021-07-22T13:09:15.723

Link: CVE-2015-3963

JSON object: View

cve-icon Redhat Information

No data.

CWE