Vulnerability Description
Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Windriver | Vxworks | >= 6.5, <= 6.6 |
| Schneider-Electric | Sage 1210 | - |
| Schneider-Electric | Sage 1230 | - |
| Schneider-Electric | Sage 1250 | - |
| Schneider-Electric | Sage 1310 | - |
| Schneider-Electric | Sage 1330 | - |
| Schneider-Electric | Sage 1350 | - |
| Schneider-Electric | Sage 1410 | - |
| Schneider-Electric | Sage 1430 | - |
| Schneider-Electric | Sage 1450 | - |
| Schneider-Electric | Sage 2200 | - |
| Schneider-Electric | Sage 2400 | - |
| Schneider-Electric | Sage 3030 | - |
| Schneider-Electric | Sage 3030 Magnum | - |
Related Weaknesses (CWE)
References
- http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01 (Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/75302 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1032730 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1033181 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01 (Third Party Advisory, US Government Resource)
- https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A (Third Party Advisory, US Government Resource)
- https://security.netapp.com/advisory/ntap-20160324-0001/ (Third Party Advisory)
FAQ
What is CVE-2015-3963?
CVE-2015-3963 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices bef...
How severe is CVE-2015-3963?
CVE-2015-3963 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-3963?
Check the references section above for vendor advisories and patch information. Affected products include: Windriver Vxworks, Schneider-Electric Sage 1210, Schneider-Electric Sage 1230, Schneider-Electric Sage 1250, Schneider-Electric Sage 1310.