However, the bootrom normally uses statically assigned IP-addresses, not DHCP. The same patches and mitigations apply to VxWorks and the bootrom network stack. The VxWorks bootrom network stack leverages the same IPnet source as VxWorks and, as a result, is also technically vulnerable to CVE-2019-12256.All versions of the discontinued product Advanced Networking Technology (ANT) are likely affected by one or more of the CVE numbers below.Older, End-of-Life versions of VxWorks back to 6.5 are also affected by one or more of the CVE numbers below.All versions of VxWorks under CURRENT support (6.9.4.11, Vx7 SR540, Vx7 SR610) are affected by one or more of the CVE numbers detailed below.Wind River reports the following versions of VxWorks are affected: Successful exploitation of these vulnerabilities could allow remote code execution. This updated advisory is a follow-up to the original advisory titled ICSA-19-211-01 Wind River VxWorks that was published July 30, 2019, on the ICS webpage on. Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow, Integer Underflow, Improper Restriction of Operations within the Bounds of a Memory Buffer, Race Condition, Argument Condition or Modification, Null Pointer Dereference, Argument Injection or Modification.