5.8

CVE-2015-3963

EPSS 4.71%
Veröffentlicht 04.08.2015 01:59:07
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Windriver ≫ Vxworks Version >= 6.5 <= 6.6

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Windriver ≫ Vxworks Version >= 6.7 < 6.7.1.1

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Windriver ≫ Vxworks Version >= 6.8 < 6.8.3

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Windriver ≫ Vxworks Version >= 6.9 < 6.9.4.4

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Windriver ≫ Vxworks Version6.6.3 SwEditioncert

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Windriver ≫ Vxworks Version6.6.4 SwEditioncert

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Windriver ≫ Vxworks Version6.6.4.1 SwEditioncert

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Windriver ≫ Vxworks Version7.0

   Schneider-electric ≫ Sage 1210 Version-
   Schneider-electric ≫ Sage 1230 Version-
   Schneider-electric ≫ Sage 1250 Version-
   Schneider-electric ≫ Sage 1310 Version-
   Schneider-electric ≫ Sage 1330 Version-
   Schneider-electric ≫ Sage 1350 Version-
   Schneider-electric ≫ Sage 1410 Version-
   Schneider-electric ≫ Sage 1430 Version-
   Schneider-electric ≫ Sage 1450 Version-
   Schneider-electric ≫ Sage 2200 Version-
   Schneider-electric ≫ Sage 2400 Version-
   Schneider-electric ≫ Sage 3030 Version-
   Schneider-electric ≫ Sage 3030 Magnum Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.71%	0.889

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:N/I:P/A:P

CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://www.securitytracker.com/id/1033181

Third Party Advisory

VDB Entry

http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01

Patch

Third Party Advisory

http://www.securityfocus.com/bid/75302

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1032730

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01

Third Party Advisory

US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A

Third Party Advisory

US Government Resource

https://security.netapp.com/advisory/ntap-20160324-0001/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-3963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3963

EUVD