CVE-2019-12259: Wind River VxWorks versions 6.6, 6.7, 6.8, 6.9, and vx7 contain an array index error in the IGMPv3 client component, leading to a denial of service (DoS) vulnerability via NULL dereference in IGMP parsing.

Description Preview

CVE-2019-12259 is a security vulnerability found in Wind River VxWorks, specifically affecting versions 6.6, 6.7, 6.8, 6.9, and vx7. The vulnerability arises from an array index error in the IGMPv3 client component, which can be exploited to cause a denial of service (DoS) condition through a NULL dereference during IGMP parsing. This issue can lead to system instability or crashes, impacting the availability of services relying on the affected components.

Overview

  • Affected Products: Wind River VxWorks versions 6.6, 6.7, 6.8, 6.9, and vx7.
  • Vulnerability Type: Denial of Service (DoS).
  • Impact: The vulnerability allows an attacker to exploit the IGMPv3 client component, potentially leading to system crashes or unavailability of services.
  • Severity: The severity of this vulnerability is significant, as it can disrupt operations in environments relying on VxWorks for real-time processing.

Remediation

To mitigate the risks associated with CVE-2019-12259, users of the affected Wind River VxWorks versions should:

  1. Upgrade: Update to a version of Wind River VxWorks that addresses this vulnerability. Refer to Wind River's security notices for specific patches or updates; where VxWorks is embedded in a third-party product, the fix is delivered by that product's vendor (see the vendor advisories listed in the references below).
  2. Monitor: Implement monitoring for unusual IGMP traffic that may indicate attempts to exploit this vulnerability.
  3. Review Security Practices: Ensure that security best practices are followed, including network segmentation and access controls to limit exposure to potential attacks.

References

  1. Wind River Security Notices
  2. SonicWall PSIRT Advisory
  3. Siemens Product Cert - SSA-632562
  4. NetApp Security Advisory
  5. Wind River TCP/IP Network Stack Announcement
  6. Wind River CVE Details
  7. F5 Support Article
  8. Siemens Product Cert - SSA-189842
  9. Siemens Product Cert - SSA-352504


Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
  2. Health Care & Social Assistance: Low
  3. Professional, Scientific, & Technical Services: Low
  4. Other Services (except Public Administration): Low
  5. Public Administration: Low
  6. Accommodation & Food Services: Low
  7. Agriculture, Forestry, Fishing & Hunting: Low
  8. Arts, Entertainment & Recreation: Low
  9. Finance and Insurance: Low
  10. Retail Trade: Low
  11. Transportation & Warehousing: Low
  12. Utilities: Low
  13. Administrative, Support, Waste Management & Remediation Services: Low
  14. Construction: Low
  15. Educational Services: Low
  16. Information: Low
  17. Management of Companies & Enterprises: Low
  18. Mining: Low
  19. Real Estate Rental & Leasing: Low
  20. Wholesale Trade: Low
