Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.
Wind River has created and fully tested patches for the security vulnerabilities that were discovered in the TCP/IP stack (IPnet), a component of certain versions of VxWorks. To date, there is no indication that the vulnerabilities have been exploited. Organizations deploying devices with VxWorks are advised to patch impacted devices immediately.
CVEs/IMPACTED PRODUCTS
Recently reported IPnet vulnerabilities have been addressed by the Security Response Team.
These vulnerabilities are tracked under the following CVE entries:
- CVE-2019-12256 ( V7NET-2423 )
- CVE-2019-12257 ( VXW6-87101 )
- CVE-2019-12255 ( VXW6-87100 )
- CVE-2019-12260 ( V7NET-2425 )
- CVE-2019-12261 ( V7NET-2425 )
- CVE-2019-12263 ( V7NET-2425 )
- CVE-2019-12258 ( V7NET-2426 )
- CVE-2019-12259 ( V7NET-2428 )
- CVE-2019-12262 ( V7NET-2427 )
- CVE-2019-12264 ( V7NET-2428 )
- CVE-2019-12265 ( V7NET-2428 )
The following versions of VxWorks using the IPnet stack are impacted (not all vulnerabilities apply to all products):
- VxWorks 7 (SR540 and SR610)
- VxWorks 6.5-6.9
- Versions of VxWorks using the Interpeak standalone network stack
Note: The latest release of VxWorks 7 (SR620) is not affected.
Please view the Security Advisory for full details.
Wind River customers with additional questions about these vulnerabilities should contact Wind River Customer Support or their local Wind River representative for more information. If you own a device that is impacted by these vulnerabilities, please contact your device manufacturer.
REMEDIATION
The following list provides information about Wind River products and the IPnet vulnerabilities. For additional questions, please contact Wind River Customer Support or your Wind River sales representative.
Product | Remediation |
---|---|
VxWorks | Wind River Support Network page for IPnet vulnerability |
We continue to monitor the situation on our security mailing lists in case there are new developments, and will post periodic updates via RSS feeds and the Wind River Support Network. Subscribe to our security alerts RSS feed.