← Back to home
ICSA-15-169-01B  ·  Published 2025-06-18  ·  View on CISA ICS-CERT ↗

Wind River VXWorks TCP Predictability Vulnerability in ICS Devices (Update B)

CVSS 5.8 MEDIUM

CVEs (1)

Remediations

  • Wind River has released patches and new versions to address the TCP predictability vulnerability for several versions of VxWorks
  • A patch for VxWorks, Version 7 released prior to February 13, 2015, has been released, which can be downloaded with Wind River’s Workbench maintenance tool. The RPM package is ipnet_coreip 1.2.2.0
  • A new version of VxWorks, Version 6.9 has been released
  • VxWorks, Version 6.9.4.4 can be downloaded with Wind River’s Workbench maintenance tool. Wind River recommends that asset owners using versions of VxWorks, Version 6.9 prior to Version 6.9.4.4, update to Version 6.9.4.4 or contact Wind River
  • A patch for VxWorks, Version 6.8 has been released
  • the patch for VxWorks, Version 6.8.3 is available at the following URL with a valid account: (https://knowledge.windriver.com/en-us/000_Products/000/020/020/050/030/000_VxWorks_6.8.3_Cumulative_Networking_Source_Patch_20150211_for_GPP_and_MSP)
  • The vulnerability is resolved in VxWorks, Version 6.8.3.1 and later versions. Wind River recommends that asset owners using versions of VxWorks, Version 6.8 prior to Version 6.8.3, update to Version 6.8.3.1 or contact Wind River
  • A patch for VxWorks, Version 6.7 has been released
  • the patch for VxWorks, Version 6.7.1 is available at the following URL with a valid account: (https://knowledge.windriver.com/en-us/000_Products/000/020/030/050/020/000_VxWorks_6.7.1_Cumulative_Networking_Patch_20150404)
  • The vulnerability is resolved in VxWorks, Version 6.7.1.1 and later versions. Wind River recommends that asset owners using versions of VxWorks, Version 6.7 prior to Version 6.7.1, update to Version 6.7.1.1 or contact Wind River
  • A patch for VxWorks, Version 5.5 has been released, which is available at the following URL, with a valid account: (https://knowledge.windriver.com/en-us/000_Products/000/020/0B0/000/090/000_VxWorks_5.5.1_Source_Point_Patch_for_Defect_VXW5-11090)
  • The vulnerability is resolved in VxWorks, Version 5.5.2 and later versions. Wind River recommends that asset owners using versions of VxWorks, Version 5.5 prior to Version 5.5.1, update to 5.5.2 or contact Wind River
  • A patch for VxWorks Cert, Version 6.6.4.1 (IPNet Cumulative Patch 2015102209) has been released, which is available at the following URL with a valid account: (https://knowledge.windriver.com/en-us/000_Products/000/040/000/050/000_Cert_6.6.4.1_IPNET_CP_1_patch)
  • A patch for Wind River VxWorks Cert, Version 6.6.4.1 (DO-178B Network Stack Patch) is available on request
  • A patch for Wind River VxWorks 653, Version 2.5 has been released and is available in VxWorks 653, Version 2.5.0.1 and later versions. VxWorks 653, Version 2.5.0.1 can be downloaded with Wind River’s Workbench maintenance tool
  • A patch for Wind River VxWorks 653, Version 3.0 has been released and is available in VxWorks 653, Version 3.0.1 and later versions. VxWorks 653, Version 3.0.1 can be downloaded with Wind River’s Workbench maintenance tool. The RPM package is 6.6.7.1-vxworks653_20151020 and later versions
  • Wind River has stated that they will not provide patches or support for versions of VxWorks that are at end-of-life
  • however, they will work with customers to discuss options. Wind River’s security advisory is available at the following URL with a valid account: (https://knowledge.windriver.com/@api/deki/files/234042/StandardSupportMaintenanceTerms-PremAdd-010615-FINAL.pdf)
  • For more information about Wind River’s patches or new versions of VxWorks, contact Wind River’s customer support at: (http://windriver.com/support/)
  • Additional information about weaknesses in TCP initial sequence number generation is available in CERT/CC’s Vulnerability Note, VU#498440 Multiple TCP/IP Implementations May Use Statistically Predictable Initial Sequence Numbers, which is available at: (https://www.kb.cert.org/vuls/id/498440)
  • Schneider Electric has released patch, C3414-500-S02YZ - Secure Firmware Version J2 that mitigates the vulnerability in CPU card, C3414 LX-800, which is used in multiple Schneider Electric RTUs. Customers may obtain this patch by contacting Schneider Electric’s customer service department at: 1-713-920-6832
  • For all other SAGE RTU models, contact Schneider Electric’s customer service department at: 1-713-920-6832
  • Schneider Electric has released Security Notification, SEVD-2015-162-01, which is available at the following URL: (http://www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01)
  • Schneider Electric recommends the following interim mitigations until patches can be applied: Enable SAGE RTU security features, so that network traffic is encrypted and authenticated
  • Use strong passwords
  • and Implement extensive logging of network traffic.

Affected Vendors

Wind River

Affected Products (29)

Wind River · Wind River VxWorks >=7|<February_13_2015
Wind River · Wind River VxWorks >=6.9|<6.9.4.4
Wind River · Wind River VxWorks >=6.8|<6.8.3
Wind River · Wind River VxWorks >=6.7|<6.7.1.1
Wind River · Wind River VxWorks <6.0_other_than_5.5.1_with_PNE2.2
Wind River · Wind River VxWorks >=6.4|<=6.6
Wind River · Wind River VxWorks 653 Platform/Platform for Safety Critical ARINC 653 3.0
Wind River · Wind River VxWorks 653 Platform/Platform for Safety Critical ARINC 653 2.5
Wind River · Wind River VxWorks 653 Platform/Platform for Safety Critical ARINC 653 2.4
Wind River · Wind River VxWorks 653 Platform/Platform for Safety Critical ARINC 653 2.3
Wind River · Wind River VxWorks 653 Platform/Platform for Safety Critical ARINC 653 2.2
Wind River · Schneider Electric SAGE 1210 RTU vers:all/*
Wind River · Schneider Electric SAGE 1230 RTU vers:all/*
Wind River · Schneider Electric SAGE 1250 RTU vers:all/*
Wind River · Schneider Electric SAGE 2200 RTU vers:all/*
Wind River · Schneider Electric SAGE 1310 RTU vers:all/*
Wind River · Schneider Electric SAGE 1330 RTU vers:all/*
Wind River · Schneider Electric SAGE 1350 RTU vers:all/*
Wind River · Schneider Electric SAGE 2300 RTU vers:all/*
Wind River · Schneider Electric SAGE 3030 RTU vers:all/*
Wind River · Schneider Electric SAGE 1410 RTU vers:all/*
Wind River · Schneider Electric SAGE 1430 RTU vers:all/*
Wind River · Schneider Electric SAGE 1450 RTU vers:all/*
Wind River · Schneider Electric SAGE 2400 RTU vers:all/*
Wind River · Schneider Electric SAGE 3030 Magnum RTU vers:all/*
Wind River · Schneider Electric SAGE LANDAC2 Upgrade Kit vers:all/*
Wind River · Wind River VxWorks Cert 6.6.3
Wind River · Wind River VxWorks Cert 6.6.4
Wind River · Wind River VxWorks Cert 6.6.4.1

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more