CVE-2019-12260

9.8 CRITICAL

📋 TL;DR

This vulnerability is a buffer overflow in the TCP component of Wind River VxWorks (the IPNET network stack), triggered by malformed TCP AO options that confuse the urgent-pointer state. It allows remote attackers to execute arbitrary code or cause a denial of service. Affects VxWorks 6.9 and vx7 systems using IPNET.

💻 Affected Systems

Products:
  • Wind River VxWorks
Versions: 6.9 and vx7
Operating Systems: VxWorks
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with IPNET TCP stack enabled; embedded/IoT devices using VxWorks are particularly vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing system crashes or instability in network services.

🟢

If Mitigated

Limited impact if systems are patched, segmented, or have exploit mitigations like ASLR/stack protection.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending malformed TCP packets; no public proof-of-concept has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: VxWorks 6.9 SR0640 and vx7 SR0640

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf

Restart Required: Yes

Instructions:

1. Obtain the patch from Wind River support.
2. Apply the patch to affected VxWorks systems.
3. Reboot the systems to activate the fix.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate VxWorks systems from untrusted networks to block malicious TCP packets.

Disable TCP AO Option

all

Configure systems to reject TCP packets with AO options if not required.

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure to trusted sources only.
  • Monitor network traffic for anomalous TCP packets and system logs for crashes.

🔍 How to Verify

Check if Vulnerable:

Check VxWorks version and patch level; systems running 6.9 or vx7 without SR0640 are vulnerable.

Check Version:

Use VxWorks shell command 'version' or check system configuration files.

Verify Fix Applied:

Verify that patch SR0640 is installed and system is running the updated version.

📡 Detection & Monitoring

Log Indicators:

  • System crashes, kernel panics, or unexpected reboots in VxWorks logs.

Network Indicators:

  • Unusual TCP segments carrying malformed AO options, on port 0 or any other TCP port.
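As an added example, not from this advisory or from Wind River, the check below parses a raw TCP segment and flags the two indicators named above: an AO option (kind 29, per RFC 5925) whose length is invalid, and an URG flag whose urgent pointer points past the payload. The sample segments are constructed inline; `build_segment` is a test helper with no checksum.

```python
import struct

TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_AO = 0, 1, 29   # kind 29 = TCP-AO (RFC 5925)
FLAG_URG = 0x20

def inspect_tcp_segment(seg: bytes) -> list:
    """Return anomaly descriptions for one raw TCP segment (header + options + payload)."""
    findings = []
    if len(seg) < 20:
        return ["truncated TCP header"]
    _sp, _dp, _seq, _ack, off_flags, _win, _csum, urgptr = struct.unpack("!HHIIHHHH", seg[:20])
    data_off = (off_flags >> 12) * 4          # header length in bytes, including options
    if data_off < 20 or data_off > len(seg):
        return ["data offset %d outside segment" % data_off]
    payload_len = len(seg) - data_off
    if off_flags & FLAG_URG and urgptr > payload_len:
        findings.append("URG set but urgent pointer %d exceeds payload (%d bytes)" % (urgptr, payload_len))
    opts, i = seg[20:data_off], 0
    while i < len(opts):                      # walk the TLV option list
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            findings.append("option kind %d truncated before length byte" % kind)
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            findings.append("option kind %d has invalid length %d" % (kind, length))
            break
        if kind == TCP_OPT_AO and length < 4:  # Kind, Length, KeyID, RNextKeyID at minimum
            findings.append("TCP-AO option too short (%d bytes, minimum 4)" % length)
        i += length
    return findings

def build_segment(options: bytes, payload: bytes, flags: int = 0x18, urgptr: int = 0) -> bytes:
    """Constructed test segment: pads options to a 4-byte multiple; checksum left zero."""
    options += b"\x00" * (-len(options) % 4)
    data_off = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1, 1, (data_off << 12) | flags, 65535, 0, urgptr)
    return hdr + options + payload

# Constructed samples: a well-formed AO option (12-byte MAC) versus a 2-byte AO option.
GOOD = build_segment(bytes([29, 16, 1, 2]) + b"\x00" * 12, b"hello")
BAD_AO = build_segment(bytes([29, 2]), b"hello")
BAD_URG = build_segment(b"", b"hello", flags=0x18 | FLAG_URG, urgptr=500)
```

Feed real segments (for example from a pcap, after stripping the IP header) to `inspect_tcp_segment` and alert on any non-empty result from hosts that front VxWorks devices.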

SIEM Query:

Search for network alerts on TCP anomalies or system event logs indicating VxWorks instability.

🔗 References
