Unrated severityNVD Advisory· Published Aug 4, 2015· Updated May 6, 2026

CVE-2015-3963

Description

Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value.

Affected products

Windriver/Vxworks5 versions
cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*range: >=6.5,<=6.6
- cpe:2.3:o:windriver:vxworks:6.6.3:*:*:*:cert:*:*:*
- cpe:2.3:o:windriver:vxworks:6.6.4.1:*:*:*:cert:*:*:*
- cpe:2.3:o:windriver:vxworks:6.6.4:*:*:*:cert:*:*:*
- cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.schneider-electric.com/ww/en/download/document/SEVD-2015-162-01nvdPatchThird Party Advisory
www.securityfocus.com/bid/75302nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1032730nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1033181nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-15-169-01nvdThird Party AdvisoryUS Government Resource
ics-cert.us-cert.gov/advisories/ICSA-15-169-01AnvdThird Party AdvisoryUS Government Resource
security.netapp.com/advisory/ntap-20160324-0001/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000