Smart City

Smart City Sentinel

Armis Finds 11 Zero-Day Vulnerabilities, Exposing 200 Million Critical Devices using VxWorks

By Ken Briodagh

Armis, an enterprise IoT security company and recent winner of the IoT Evolution Product of the Year Award, recently announced its discovery of 11 zero-day vulnerabilities, 6 reportedly critical, that affect Wind River VxWorks versions since version 6.5, that include the IPnet stack, collectively known as “URGENT/11.” Updated releases have been provided. URGENT/11 does not impact versions of the product designed for certification, such as VxWorks 653 and VxWorks Cert Edition, Armis said.

Wind River has been working in collaboration with Armis on this matter, and customers were notified and issued patches to address the vulnerabilities last month. To the best of both companies knowledge, there is no indication the URGENT/11 vulnerabilities have been exploited.

VxWorks real-time operating system (RTOS) is used in more than two billion devices across industrial, medical and enterprise environments such as mission-critical systems including SCADA, elevator and industrial controllers, patient monitors and MRI machines, as well as firewalls, routers, modems, VOIP phones and printers. If exploited, URGENT/11 could allow a complete takeover of the device and cause disruption on a scale similar to what resulted from the EternalBlue vulnerability. For a detailed report on URGENT/11, click here.

“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, VP, research, Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses. This is why URGENT/11 is so important. The potential for compromise of critical devices and equipment especially in manufacturing and healthcare is a big concern.”

URGENT/11 reportedly includes six Remote Code Execution (RCE) vulnerabilities that could give an attacker full control over a targeted device, via unauthenticated network packets. Any connected device leveraging VxWorks that includes the IPnet stack is affected by at least one of the discovered vulnerabilities. They include some devices that are located at the perimeter of organizational networks that are internet-facing such as modems, routers and firewalls. Any vulnerability in such a device may enable an attacker to breach networks directly from the internet. Devices protected by perimeter security measures also can be vulnerable once the devices create TCP connections to the internet. These connections can be hijacked and used to trigger the discovered TCP vulnerabilities, allowing attackers to take over the device and access the internal network.

“URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected,” said Yevgeny Dibrov, CEO and co-founder, Armis. “The vulnerabilities in these unmanaged and IoT devices can be leveraged to manipulate data, disrupt physical world equipment, and put people’s lives at risk.”

VxWorks is pervasive and trusted due to its rigorous and high-achieving safety certifications and its high degree of reliability and real-time accuracy. In its 32-year history, only 13 Common Vulnerabilities and Exposures (CVEs) have been listed by MITRE as affecting VxWorks. Armis discovered unusually low-level vulnerabilities within the IPnet stack affecting these specific VxWorks versions released in the last 13 years, from versions 6.5 and above. These are the most severe vulnerabilities found in VxWorks to date.

The IPnet networking stack was acquired by Wind River through its acquisition of Interpeak in 2006. Prior to the acquisition, the stack was broadly licensed to and deployed by a number of real-time operating system vendors.

Ben Seri and Dor Zusman, security researcher at Armis will present the exploration of the URGENT/11 vulnerabilities at Black Hat 2019 in Las Vegas on Thursday, August 8, 2019. The talk will also include a demonstration of real-world end-to-end attacks on VxWorks-based devices including a firewall and printer.

Organizations deploying devices with VxWorks should patch impacted devices immediately. More information can be found in the Wind River Security Alert posted on the company’s Security Center.




Edited by Ken Briodagh

Editorial Director

SHARE THIS ARTICLE
Related Articles

Siklu, Signify Partner to Provide Multi-Gigabit Wireless Connectivity

By: Maurice Nagle    1/24/2022

Siklu and Signify announced the addition of Siklu's MultiHaul TG multi-gigabit wireless connectivity technology to Signify's BrightSites portfolio of …

Read More

Cocoflo Joins The Smart City Event 2022 as a Silver Sponsor

By: TMCnet News    1/12/2022

TMC and Crossfire Media today announced Cocoflo has signed on as a Platinum sponsor for The Smart City Event which is held June 21-24, 2022 at the Gre…

Read More

BAI Communications, Mavenir Unite for Sutherland Smart City Project

By: Luke Bellos    1/10/2022

Smart infrastructure has been a long-term goal for many cities. Many citizens dream of a future with reliable public networks, autonomous vehicles, wi…

Read More

As 5G Spreads Across the US, CBRS Unlocks New Opportunities for Rural and Urban Communities

By: Arti Loftus    1/5/2022

As we start off the new year with new challenges, investment in enterprise 5G deployments that capitalize on the economic benefits of using the Citize…

Read More

Dassault Systèmes and NTT COM Form Sustainability Agreement for Japanese Smart Cities

By: Luke Bellos    12/21/2021

Dassault Systèmes and NTT Communications recently signed a memorandum of understanding, with the intention of forming an alliance to create sustainabl…

Read More