CVE-2010-2965

2022-10-0316:21:07

CWE-863

[email protected]

web.nvd.nist.gov

cve-2010-2965

wdb target agent

wind river vxworks

remote attackers

memory locations

function calls

udp port 17185

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

High

0.515 Medium

EPSS

Percentile

97.6%

JSON

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.

Affected configurations

NVD

Node

rockwellautomation1756-enbt\/a_firmwareMatch3.2.6

rockwellautomation1756-enbt\/a_firmwareMatch3.6.1

windrivervxworksRange≤6.9.4.12

AND

rockwellautomation1756-enbt\/aMatch-

CPENameOperatorVersion
rockwellautomation:1756-enbt\/a_firmwarerockwellautomation 1756-enbt/a firmwareeq3.2.6
rockwellautomation:1756-enbt\/a_firmwarerockwellautomation 1756-enbt/a firmwareeq3.6.1
windriver:vxworkswindriver vxworksle6.9.4.12

CPE	Name	Operator	Version
rockwellautomation:1756-enbt\/a_firmware	rockwellautomation 1756-enbt/a firmware	eq	3.2.6
rockwellautomation:1756-enbt\/a_firmware	rockwellautomation 1756-enbt/a firmware	eq	3.6.1
windriver:vxworks	windriver vxworks	le	6.9.4.12