CVE-2010-2965
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/08/2010
Last modified:
11/04/2025
Description
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:rockwellautomation:1756-enbt\/a_firmware:3.2.6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:rockwellautomation:1756-enbt\/a_firmware:3.6.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:* | 6.9.4.12 (including) | |
| cpe:2.3:h:rockwellautomation:1756-enbt\/a:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
- http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735
- http://www.kb.cert.org/vuls/id/362332
- http://www.kb.cert.org/vuls/id/MAPG-86EPFA
- http://www.kb.cert.org/vuls/id/MAPG-86FPQL
- https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708
- http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
- http://rockwellautomation.custhelp.com/cgi-bin/rockwellautomation.cfg/php/enduser/std_adp.php?p_faqid=69735
- http://seclists.org/fulldisclosure/2025/Jan/10
- http://www.kb.cert.org/vuls/id/362332
- http://www.kb.cert.org/vuls/id/MAPG-86EPFA
- http://www.kb.cert.org/vuls/id/MAPG-86FPQL
- https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708