Smart City

Smart City Sentinel

Armis Finds 11 Zero-Day Vulnerabilities, Exposing 200 Million Critical Devices using VxWorks

By Ken Briodagh

Armis, an enterprise IoT security company and recent winner of the IoT Evolution Product of the Year Award, recently announced its discovery of 11 zero-day vulnerabilities, 6 reportedly critical, that affect Wind River VxWorks versions since version 6.5, that include the IPnet stack, collectively known as “URGENT/11.” Updated releases have been provided. URGENT/11 does not impact versions of the product designed for certification, such as VxWorks 653 and VxWorks Cert Edition, Armis said.

Wind River has been working in collaboration with Armis on this matter, and customers were notified and issued patches to address the vulnerabilities last month. To the best of both companies knowledge, there is no indication the URGENT/11 vulnerabilities have been exploited.

VxWorks real-time operating system (RTOS) is used in more than two billion devices across industrial, medical and enterprise environments such as mission-critical systems including SCADA, elevator and industrial controllers, patient monitors and MRI machines, as well as firewalls, routers, modems, VOIP phones and printers. If exploited, URGENT/11 could allow a complete takeover of the device and cause disruption on a scale similar to what resulted from the EternalBlue vulnerability. For a detailed report on URGENT/11, click here.

“VxWorks is the most widely used operating system you may never have heard of,” said Ben Seri, VP, research, Armis. “A wide variety of industries rely on VxWorks to run their critical devices in their daily operations—from healthcare to manufacturing and even security businesses. This is why URGENT/11 is so important. The potential for compromise of critical devices and equipment especially in manufacturing and healthcare is a big concern.”

URGENT/11 reportedly includes six Remote Code Execution (RCE) vulnerabilities that could give an attacker full control over a targeted device, via unauthenticated network packets. Any connected device leveraging VxWorks that includes the IPnet stack is affected by at least one of the discovered vulnerabilities. They include some devices that are located at the perimeter of organizational networks that are internet-facing such as modems, routers and firewalls. Any vulnerability in such a device may enable an attacker to breach networks directly from the internet. Devices protected by perimeter security measures also can be vulnerable once the devices create TCP connections to the internet. These connections can be hijacked and used to trigger the discovered TCP vulnerabilities, allowing attackers to take over the device and access the internal network.

“URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected,” said Yevgeny Dibrov, CEO and co-founder, Armis. “The vulnerabilities in these unmanaged and IoT devices can be leveraged to manipulate data, disrupt physical world equipment, and put people’s lives at risk.”

VxWorks is pervasive and trusted due to its rigorous and high-achieving safety certifications and its high degree of reliability and real-time accuracy. In its 32-year history, only 13 Common Vulnerabilities and Exposures (CVEs) have been listed by MITRE as affecting VxWorks. Armis discovered unusually low-level vulnerabilities within the IPnet stack affecting these specific VxWorks versions released in the last 13 years, from versions 6.5 and above. These are the most severe vulnerabilities found in VxWorks to date.

The IPnet networking stack was acquired by Wind River through its acquisition of Interpeak in 2006. Prior to the acquisition, the stack was broadly licensed to and deployed by a number of real-time operating system vendors.

Ben Seri and Dor Zusman, security researcher at Armis will present the exploration of the URGENT/11 vulnerabilities at Black Hat 2019 in Las Vegas on Thursday, August 8, 2019. The talk will also include a demonstration of real-world end-to-end attacks on VxWorks-based devices including a firewall and printer.

Organizations deploying devices with VxWorks should patch impacted devices immediately. More information can be found in the Wind River Security Alert posted on the company’s Security Center.




Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Editorial Director

SHARE THIS ARTICLE
Related Articles

'Smart Gas Meter Penetration Rate in Europe Reached 45% in 2023'

By: Alex Passett    3/13/2024

According to new data from Berg Insight, he installed base of smart gas meters in Europe amounted to 55.9 million in 2023, equivalent to a penetration…

Read More

Smarter Grid Planning and Operations: Itron Acquires Elpis Squard to Expand Grid Edge Intelligence Portfolio

By: Alex Passett    3/11/2024

To accelerate the energy transition needs for grid planning, operational and engineering teams and processes, Itron officially announced the strategic…

Read More

IoT Evolution Expo Gold Sponsor Libelium is Changing the Electric Grid with Smart DLR Solutions

By: Alex Passett    2/13/2024

IoT Evolution Expo 2024 is taking place from February 13-15 at the Broward County Convention Center in Fort Lauderdale, Florida. Under the grand umbre…

Read More

A New Record for Connectivity: 'World's Longest-Range Wi-Fi HaLow Solution' Demonstrated by Morse Micro

By: Alex Passett    2/6/2024

Morse Micro recently announced the success of what it has called "the world's first live demonstration of Wi-Fi CERTIFIED HaLow technology extending t…

Read More

'The World's First Smart Rainforest': How NTT and ClimateForce Plan to Use Smart Technology for Environmental Restoration

By: Alex Passett    1/30/2024

ClimateForce and Smart Management Platform (SMP) technology company NTT have announced their partnership with the goal of creating the world's first "…

Read More