Wind River VxWorks 6.6, 6.7, 6.8, 6.9.3, 6.9.4, and Vx7 has Incorrect Access Control in IPv4 assignment by the ipdhcpc DHCP client component.
Conclusion & alert: CVE-2019-12264 is rated High Risk (66.4/100): CVSS High severity, with high exploitation likelihood (EPSS 8.31%, 94th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +8.23% over the last day, indicating growing attacker interest. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.08% | 8.31% | +8.23% |
| 2 | 2025-11-02 | 0.23% | 0.08% | -0.15% |
| 3 | 2025-10-08 | — | 0.23% | — |
Full EPSS history (12 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.1 | 3.1 | HIGH |
|
2.8 | 4.2 | [email protected] |
| 4.8 | 2.0 | MEDIUM |
|
6.5 | 4.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| windriver | vxworks | 6.6 | cpe:2.3:o:windriver:vxworks:6.6:*:*:*:*:*:*:* |
| windriver | vxworks | 6.7 | cpe:2.3:o:windriver:vxworks:6.7:*:*:*:*:*:*:* |
| windriver | vxworks | 6.8 | cpe:2.3:o:windriver:vxworks:6.8:*:*:*:*:*:*:* |
| windriver | vxworks | 6.9.3 | cpe:2.3:o:windriver:vxworks:6.9.3:*:*:*:*:*:*:* |
| windriver | vxworks | 6.9.4 | cpe:2.3:o:windriver:vxworks:6.9.4:*:*:*:*:*:*:* |
| windriver | vxworks | 7.0 | cpe:2.3:o:windriver:vxworks:7.0:*:*:*:*:*:*:* |
| belden | hirschmann_hios | <= 07.0.07 | cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* |
| belden | hirschmann_hios | <= 07.5.01 | cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* |
| belden | hirschmann_hios | <= 07.2.04 | cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* |
| belden | hirschmann_hios | <= 05.3.06 | cpe:2.3:o:belden:hirschmann_hios:*:*:*:*:*:*:*:* |
| belden | garrettcom_magnum_dx940e_firmware | <= 1.0.1_y7 | cpe:2.3:o:belden:garrettcom_magnum_dx940e_firmware:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_win7000_firmware | < bs5.2.461.17 | cpe:2.3:o:siemens:ruggedcom_win7000_firmware:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_win7018_firmware | < bs5.2.461.17 | cpe:2.3:o:siemens:ruggedcom_win7018_firmware:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_win7025_firmware | < bs5.2.461.17 | cpe:2.3:o:siemens:ruggedcom_win7025_firmware:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_win7200_firmware | < bs5.2.461.17 | cpe:2.3:o:siemens:ruggedcom_win7200_firmware:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf | Third Party Advisory |
| https://support.f5.com/csp/article/K41190253 | Third Party Advisory |
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03960en_us | Third Party Advisory |
| https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-12264 | Vendor Advisory |
| https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/ | Vendor Advisory |