aliasrobotics / RVD

Robot Vulnerability Database. An archive of robot vulnerabilities and bugs.
https://aliasrobotics.com
GNU General Public License v3.0

RVD#3325: ABB's IRC5 VxWorks has a buffer overflow in the IPNET stack #3325

Closed rvd-bot closed 4 years ago

rvd-bot commented 4 years ago
id: 3325
title: 'RVD#3325: ABB''s IRC5 VxWorks has a buffer overflow in the IPNET stack'
type: vulnerability
description: Wind River VxWorks has a Buffer Overflow in the TCP component (issue
  1 of 4). This is an IPNET security vulnerability TCP Urgent Pointer = 0 that leads
  to an integer underflow.
cwe: CWE-119
cve: CVE-2019-12255
keywords:
- IRC5, TCP, Urgent/11
system: IRB140, IRC5, Robotware 5.6.x to 6.9.x, VxWorks6.5
vendor: ABB
severity:
  rvss-score: 10.0
  rvss-vector: RVSS:1.0/AV:RN/AC:L/PR:N/UI:N/Y:O/S:U/C:H/I:H/A:H/H:U/
  severity-description: Critical
  cvss-score: 9.8
  cvss-vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
links:
- https://nvd.nist.gov/vuln/detail/CVE-2019-12255, https://library.e.abb.com/public/e0229f57b8014581a4d6de098f52b351/Robotics%20Cyber%20Security%20Notification%20-%20Wind%20River%20VxWorks%20IPNET%20Vulnerabilities.pdf
- https://github.com/aliasrobotics/RVD/issues/3325
flaw:
  phase: testing
  specificity: general-issue
  architectural-location: Platform code
  application: VxWorks
  subsystem: TCP
  package: N/A
  languages: None
  date-detected: 2020-05-18
  detected-by: Alfonso Glera, Victor Mayoral Vilches (Alias Robotics)
  detected-by-method: testing dynamic, Browser.
  date-reported: '2020-07-15'
  reported-by: Victor Mayoral Vilches
  reported-by-relationship: security researcher
  issue: https://github.com/aliasrobotics/RVD/issues/3325
  reproducibility: Always
  trace: Not disclosed
  reproduction: Not disclosed
  reproduction-image: Not disclosed
exploitation:
  description: Not disclosed
  exploitation-image: Not disclosed
  exploitation-vector: Not disclosed
  exploitation-recipe: ''
mitigation:
  description: Not disclosed
  pull-request: Not disclosed
  date-mitigation: null