ByteOS Network

NVD Vulnerability Details :

CVE-2015-3963

Deferred

Source-ics-cert@hq.dhs.gov

Published At-04 Aug, 2015 | 01:59

Updated At-12 Apr, 2025 | 10:46

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:P

CPE Matches

windriver>>vxworks>>Versions from 6.5(inclusive) to 6.6(inclusive)

cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*

windriver>>vxworks>>Versions from 6.7(inclusive) to 6.7.1.1(exclusive)

cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*

windriver>>vxworks>>Versions from 6.8(inclusive) to 6.8.3(exclusive)

cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*

windriver>>vxworks>>Versions from 6.9(inclusive) to 6.9.4.4(exclusive)

cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*

windriver>>vxworks>>6.6.3

cpe:2.3:o:windriver:vxworks:6.6.3:*:*:*:cert:*:*:*

windriver>>vxworks>>6.6.4

cpe:2.3:o:windriver:vxworks:6.6.4:*:*:*:cert:*:*:*

windriver>>vxworks>>6.6.4.1

cpe:2.3:o:windriver:vxworks:6.6.4.1:*:*:*:cert:*:*:*

windriver>>vxworks>>7.0

cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1210>>-

cpe:2.3:h:schneider-electric:sage_1210:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1230>>-

cpe:2.3:h:schneider-electric:sage_1230:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1250>>-

cpe:2.3:h:schneider-electric:sage_1250:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1310>>-

cpe:2.3:h:schneider-electric:sage_1310:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1330>>-

cpe:2.3:h:schneider-electric:sage_1330:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1350>>-

cpe:2.3:h:schneider-electric:sage_1350:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1410>>-

cpe:2.3:h:schneider-electric:sage_1410:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1430>>-

cpe:2.3:h:schneider-electric:sage_1430:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_1450>>-

cpe:2.3:h:schneider-electric:sage_1450:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_2200>>-

cpe:2.3:h:schneider-electric:sage_2200:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_2400>>-

cpe:2.3:h:schneider-electric:sage_2400:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_3030>>-

cpe:2.3:h:schneider-electric:sage_3030:-:*:*:*:*:*:*:*

Schneider Electric SE

>>sage_3030_magnum>>-

cpe:2.3:h:schneider-electric:sage_3030_magnum:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-330	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01	ics-cert@hq.dhs.gov	Patch Third Party Advisory
http://www.securityfocus.com/bid/75302	ics-cert@hq.dhs.gov	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032730	ics-cert@hq.dhs.gov	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033181	ics-cert@hq.dhs.gov	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01	ics-cert@hq.dhs.gov	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A	ics-cert@hq.dhs.gov	Third Party Advisory US Government Resource
https://security.netapp.com/advisory/ntap-20160324-0001/	ics-cert@hq.dhs.gov	Third Party Advisory
http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01	af854a3a-2127-422b-91ae-364da2661108	Patch Third Party Advisory
http://www.securityfocus.com/bid/75302	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032730	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1033181	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-15-169-01A	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory US Government Resource
https://security.netapp.com/advisory/ntap-20160324-0001/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History