CVE-2010-2965 in 1756-ENBT series A

Summary

by MITRE

The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804.

Analysis

by VulDB Data Team • 05/29/2026

The vulnerability identified as CVE-2010-2965 represents a critical security flaw in the Wind River VxWorks real-time operating system implementation, specifically affecting the WDB target agent debug service. This vulnerability exists in VxWorks versions 6.x, 5.x, and earlier releases, making it a long-standing issue that impacts numerous industrial control systems and embedded devices. The affected Rockwell Automation 1756-ENBT series controllers with firmware versions 3.2.6 and 3.6.1 exemplify the widespread nature of this vulnerability across industrial automation equipment. The issue manifests through an unprotected UDP port 17185 which serves as an attack surface for malicious actors seeking to exploit the debug service functionality. This vulnerability is categorized under CWE-284, which addresses improper access control in software systems, and aligns with ATT&CK technique T1059.007 for remote code execution through debug interfaces.

The technical flaw stems from inadequate authentication and authorization mechanisms within the WDB target agent debug service. This service, designed for development and debugging purposes, remains accessible in production environments without proper security controls. Attackers can leverage UDP port 17185 to send malicious requests that bypass normal system protections, enabling them to perform arbitrary memory operations, execute function calls, and manipulate system tasks. The vulnerability allows for complete system compromise, as the debug service provides deep access to the operating system internals. This type of vulnerability falls under the ATT&CK framework's T1211 category for exploitation of remote services, specifically targeting debug interfaces that should never be exposed to unauthenticated network access. The flaw represents a fundamental failure in the principle of least privilege, where system debugging capabilities are accessible without proper credential verification.

The operational impact of CVE-2010-2965 extends beyond simple data theft or system modification, as it provides attackers with complete control over affected industrial systems. In industrial control environments, this vulnerability could enable attackers to manipulate critical processes, disrupt operations, or cause physical damage to equipment. The ability to read arbitrary memory locations allows attackers to extract sensitive operational data, while the capability to perform function calls and manage tasks means they can effectively take control of the entire system. This vulnerability directly affects the availability, integrity, and confidentiality of industrial control systems, making it particularly dangerous in environments where system reliability and safety are paramount. The vulnerability's persistence across multiple VxWorks versions indicates that organizations may have been running exposed systems for extended periods without proper security hardening.

Mitigation strategies for CVE-2010-2965 require immediate implementation of network segmentation and access control measures. Organizations should disable or block UDP port 17185 at network boundaries and implement firewall rules to prevent external access to this debug service. The most effective long-term solution involves upgrading to newer VxWorks versions that properly secure the debug service or disabling the debug functionality entirely in production environments. System administrators should conduct comprehensive audits to identify all affected devices and ensure that debug services are only accessible from trusted network segments with proper authentication. Additionally, implementing network monitoring to detect unauthorized access attempts to UDP port 17185 can help identify potential exploitation attempts. The vulnerability demonstrates the importance of following security best practices for embedded systems and highlights the need for regular security assessments of industrial control environments to prevent similar issues from persisting across multiple system generations.
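
The monitoring step described above can be sketched as a check over flow logs. This is an added example, not VulDB or vendor code; the CSV field layout, the trusted engineering subnet and the sample records are constructed assumptions.

```python
import csv
import io
import ipaddress

WDB_PORT = 17185  # UDP port of the VxWorks WDB target agent (from the advisory)
# Assumption: only this engineering subnet may ever reach the debug service.
TRUSTED = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: flow export columns, in this order.
FIELDS = ["ts", "proto", "src", "sport", "dst", "dport", "action"]

# Constructed flow records, not real traffic.
SAMPLE_FLOWS = """\
2024-05-01T08:00:01Z,udp,10.20.30.5,40112,192.168.10.21,17185,allow
2024-05-01T08:00:07Z,udp,192.168.50.77,53211,192.168.10.21,17185,allow
2024-05-01T08:00:09Z,tcp,192.168.50.77,53212,192.168.10.21,17185,allow
2024-05-01T08:01:15Z,udp,203.0.113.9,1025,192.168.10.22,17185,deny
2024-05-01T08:02:30Z,udp,192.168.50.77,53300,192.168.10.21,44818,allow
2024-05-01T08:03:00Z,udp,192.168.10.21,17185,192.168.50.77,53211,allow
"""

def _trusted(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED)

def _udp_rows(flow_csv):
    # WDB listens on UDP only, so TCP flows to the same port number are ignored.
    for row in csv.DictReader(io.StringIO(flow_csv), fieldnames=FIELDS):
        if row["proto"].lower() == "udp":
            yield row

def find_wdb_access(flow_csv):
    """Alerts for UDP flows to port 17185 from sources outside TRUSTED."""
    alerts = []
    for row in _udp_rows(flow_csv):
        if int(row["dport"]) != WDB_PORT or _trusted(row["src"]):
            continue
        # An allowed flow means the boundary filter is missing: raise severity.
        sev = "high" if row["action"] == "allow" else "info"
        alerts.append((row["ts"], row["src"], row["dst"], sev))
    return alerts

def exposed_devices(flow_csv):
    """Devices that replied from UDP 17185 to an untrusted peer (agent enabled)."""
    return sorted({row["src"] for row in _udp_rows(flow_csv)
                   if int(row["sport"]) == WDB_PORT and not _trusted(row["dst"])})

if __name__ == "__main__":
    for alert in find_wdb_access(SAMPLE_FLOWS):
        print(alert)
    print("exposed:", exposed_devices(SAMPLE_FLOWS))
```

A reply sourced from UDP 17185 is the stronger signal: it shows the debug agent is enabled on the device and reachable from outside the trusted segment, which is what the audit step needs to find.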

Reservation: 08/04/2010

Disclosure: 08/05/2010

Moderation: accepted

Entry: VDB-54248

CPE: ready

EPSS: 0.92347

KEV: no

Activities: very low
