Skip to main content

Vxworks

29 CVEs product

Monthly

CVE-2023-38346 HIGH POC PATCH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Vxworks
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-38767 HIGH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-23937 HIGH This Week

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Information Disclosure Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43268 MEDIUM This Month

An issue was discovered in VxWorks 6.9 through 7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-29999 CRITICAL Act Now

An issue was discovered in Wind River VxWorks through 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2021-29998 CRITICAL Act Now

An issue was discovered in Wind River VxWorks before 6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks Ruggedcom Win Subscriber Station Firmware Scalance X200 4 P Irt Firmware +33
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-29997 MEDIUM This Month

An issue was discovered in Wind River VxWorks 7 before 21.03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vxworks
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-11440 HIGH This Week

httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-10664 HIGH This Week

The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2019-12262 CRITICAL Act Now

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Hirschmann Hios Garrettcom Magnum Dx940E Firmware Ruggedcom Win7000 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
4.1%
CVE-2019-12261 CRITICAL Act Now

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +9
NVD
CVSS 3.1
9.8
EPSS
9.0%
CVE-2019-12260 CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +9
NVD
CVSS 3.1
9.8
EPSS
22.8%
CVE-2019-12258 HIGH POC THREAT This Week

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Vxworks Sonicos Siprotec 5 Firmware +9
NVD GitHub
CVSS 3.1
7.5
EPSS
23.4%
CVE-2019-12255 CRITICAL POC THREAT Act Now

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller Sonicos Siprotec 5 Firmware +8
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
75.2%
CVE-2019-12265 MEDIUM This Month

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +8
NVD
CVSS 3.1
5.3
EPSS
55.3%
CVE-2019-12263 HIGH This Week

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware +9
NVD
CVSS 3.1
8.1
EPSS
3.2%
CVE-2019-12259 HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks Sonicos Siprotec 5 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
15.9%
CVE-2019-12257 HIGH This Week

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos Siprotec 5 Firmware E Series Santricity Os Controller +6
NVD
CVSS 3.1
8.8
EPSS
84.2%
CVE-2019-12256 CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller Sonicos Siprotec 5 Firmware +8
NVD
CVSS 3.1
9.8
EPSS
26.6%
CVE-2019-12264 HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Hirschmann Hios Garrettcom Magnum Dx940E Firmware Ruggedcom Win7000 Firmware +3
NVD
CVSS 3.1
7.1
EPSS
8.3%
CVE-2019-9865 HIGH This Week

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow RCE Vxworks
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2015-7599 HIGH This Week

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Denial Of Service Vxworks
NVD
CVSS 3.0
8.1
EPSS
8.2%
CVE-2015-3963 MEDIUM PATCH This Month

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Schneider Electric Information Disclosure Vxworks
NVD
CVSS 2.0
5.8
EPSS
3.0%
CVE-2013-0716 MEDIUM This Month

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-0715 MEDIUM This Month

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2013-0714 CRITICAL Act Now

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Vxworks
NVD
CVSS 2.0
10.0
EPSS
9.3%
CVE-2013-0713 MEDIUM This Month

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
6.8
EPSS
0.7%
CVE-2013-0712 MEDIUM This Month

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
6.8
EPSS
0.8%
CVE-2013-0711 HIGH This Week

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
CVSS 2.0
7.8
EPSS
1.9%
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Vxworks
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a specifically crafted packet sent by a Radius server, may cause Denial of Service during the IP Radius access procedure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in VxWorks 6.9 through 7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Wind River VxWorks through 6.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Wind River VxWorks before 6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Vxworks +35
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

An issue was discovered in Wind River VxWorks 7 before 21.03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vxworks
NVD
EPSS 1% CVSS 7.5
HIGH This Week

httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Hirschmann Hios +5
NVD
EPSS 9% CVSS 9.8
CRITICAL Act Now

Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos +11
NVD
EPSS 23% CVSS 9.8
CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos +11
NVD
EPSS 23% CVSS 7.5
HIGH POC THREAT This Week

Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Vxworks +11
NVD GitHub
EPSS 75% CVSS 9.8
CRITICAL POC THREAT Act Now

Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller +10
NVD Exploit-DB
EPSS 55% CVSS 5.3
MEDIUM This Month

Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Sonicos +10
NVD
EPSS 3% CVSS 8.1
HIGH This Week

Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Buffer Overflow Vxworks +11
NVD
EPSS 16% CVSS 7.5
HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Vxworks +10
NVD
EPSS 84% CVSS 8.8
HIGH This Week

Wind River VxWorks 6.6 through 6.9 has a Buffer Overflow in the DHCP client component. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks Sonicos +8
NVD
EPSS 27% CVSS 9.8
CRITICAL Act Now

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the IPv4 component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Vxworks E Series Santricity Os Controller +10
NVD
EPSS 8% CVSS 7.1
HIGH This Week

Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vxworks Hirschmann Hios +5
NVD
EPSS 2% CVSS 8.1
HIGH This Week

When RPC is enabled in Wind River VxWorks 6.9 prior to 6.9.1, a specially crafted RPC request can trigger an integer overflow leading to an out-of-bounds memory copy. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow RCE +1
NVD
EPSS 8% CVSS 8.1
HIGH This Week

Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow RCE Denial Of Service +1
NVD
EPSS 3% CVSS 5.8
MEDIUM PATCH This Month

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Schneider Electric Information Disclosure Vxworks
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The web server in Wind River VxWorks 5.5 through 6.9 allows remote attackers to cause a denial of service (daemon crash) via a crafted URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
EPSS 9% CVSS 10.0
CRITICAL Act Now

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to execute arbitrary code or cause a denial of service (daemon hang) via a crafted public-key authentication. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service RCE Vxworks
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted pty request. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote authenticated users to cause a denial of service (daemon outage) via a crafted packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD
EPSS 2% CVSS 7.8
HIGH This Week

IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 allows remote attackers to cause a denial of service (daemon outage) via a crafted authentication request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Vxworks
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy