Smart City

Smart City Sentinel

Armis Finds 11 Zero-Day Vulnerabilities, Exposing 200 Million Critical Devices using VxWorks

By Ken Briodagh

Armis, an enterprise IoT security company and recent winner of the IoT Evolution Product of the Year Award, recently announced its discovery of 11 zero-day vulnerabilities, 6 reportedly critical, that affect Wind River VxWorks versions since version 6.5, that include the IPnet stack, collectively known as “URGENT/11.” Updated releases have been provided. URGENT/11 does not impact versions of the product designed for certification, such as VxWorks 653 and VxWorks Cert Edition, Armis said.

Wind River has been working in collaboration with Armis on this matter, and customers were notified and issued patches to address the vulnerabilities last month. To the best of both companies knowledge, there is no indication the URGENT/11 vulnerabilities have been exploited.

VxWorks real-time operating system (RTOS) is used in more than two billion devices across industrial, medical and enterprise environments such as mission-critical systems including SCADA, elevator and industrial controllers, patient monitors and MRI machines, as well as firewalls, routers, modems, VOIP phones and printers. If exploited, URGENT/11 could allow a complete takeover of the device and cause disruption on a scale similar to what resulted from the EternalBlue vulnerability. For a detailed report on URGENT/11, click here.

“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, VP, research, Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses. This is why URGENT/11 is so important. The potential for compromise of critical devices and equipment especially in manufacturing and healthcare is a big concern.”

URGENT/11 reportedly includes six Remote Code Execution (RCE) vulnerabilities that could give an attacker full control over a targeted device, via unauthenticated network packets. Any connected device leveraging VxWorks that includes the IPnet stack is affected by at least one of the discovered vulnerabilities. They include some devices that are located at the perimeter of organizational networks that are internet-facing such as modems, routers and firewalls. Any vulnerability in such a device may enable an attacker to breach networks directly from the internet. Devices protected by perimeter security measures also can be vulnerable once the devices create TCP connections to the internet. These connections can be hijacked and used to trigger the discovered TCP vulnerabilities, allowing attackers to take over the device and access the internal network.

“URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected,” said Yevgeny Dibrov, CEO and co-founder, Armis. “The vulnerabilities in these unmanaged and IoT devices can be leveraged to manipulate data, disrupt physical world equipment, and put people’s lives at risk.”

VxWorks is pervasive and trusted due to its rigorous and high-achieving safety certifications and its high degree of reliability and real-time accuracy. In its 32-year history, only 13 Common Vulnerabilities and Exposures (CVEs) have been listed by MITRE as affecting VxWorks. Armis discovered unusually low-level vulnerabilities within the IPnet stack affecting these specific VxWorks versions released in the last 13 years, from versions 6.5 and above. These are the most severe vulnerabilities found in VxWorks to date.

The IPnet networking stack was acquired by Wind River through its acquisition of Interpeak in 2006. Prior to the acquisition, the stack was broadly licensed to and deployed by a number of real-time operating system vendors.

Ben Seri and Dor Zusman, security researcher at Armis will present the exploration of the URGENT/11 vulnerabilities at Black Hat 2019 in Las Vegas on Thursday, August 8, 2019. The talk will also include a demonstration of real-world end-to-end attacks on VxWorks-based devices including a firewall and printer.

Organizations deploying devices with VxWorks should patch impacted devices immediately. More information can be found in the Wind River Security Alert posted on the company’s Security Center.




Edited by Ken Briodagh

Editorial Director

SHARE THIS ARTICLE
Related Articles

DeepRoute to Begin Testing Self-Driving Vehicles in California

By: Ken Briodagh    10/14/2019

Autonomous Vehicle Testing Permit Brings Company Closer to Full Vehicle Autonomy on the Roads

Read More

The Rise of Automated Vehicles: Christopher J. Bonanti On Public Private Partnerships

By: Arti Loftus    10/14/2019

We spoke with Christopher Bonanti, who served as a senior executive at the National Highway Traffic Safety Administration and in leadership roles at s…

Read More

CareConnect Selects Woolpert for Google Maps Platform Enterprise Account

By: Ken Briodagh    10/14/2019

The expanding software solution provider will leverage the platform to increase compliance and operational efficiencies for its clients and customers

Read More

Otis Completes Elevator Modernization for Empire State Building

By: Ken Briodagh    10/14/2019

Otis recently delivered and installed a custom-made glass elevator to carry visitors to the Empire State Building's newly renovated 102nd floor Observ…

Read More

BehrTech and MAJiK Systems Partner on IoT Connectivity for Industrial Brownfields

By: Ken Briodagh    10/10/2019

BehrTech and MAJiK Systems have signed a strategic partnership to bring wireless connectivity to legacy Programmable Logic Controllers (PLC).

Read More