/* ---- Google Analytics Code Below */

Saturday, August 03, 2019

Details of VxWorks Vulnerability Found by Armis

More on the topic mentioned recently about extensive vulnerability of common embedded OS.

200 Million Devices—Some Mission-Critical—Vulnerable to Remote Takeover 
in Ars Technica
by Dan Goodin

Researchers at California-based security firm Armis have identified 11 vulnerabilities in various versions of VxWorks, an operating system (OS) that runs on more than 2 billion devices worldwide. The researchers found about 200 million Internet-connected devices (some of which may be controlling elevators, medical equipment, and other mission-critical systems) are vulnerable to attacks that give bad actors complete control of those systems. The vulnerabilities, collectively known as Urgent 11, include six remote code flaws and five less-severe issues that allow a range of security issues including information leaks and denial-of-service attacks. None of the vulnerabilities affect the most recent version of VxWorks, or any certified versions of the OS, including VXWorks 653 or VxWorks Cert Edition. "Such vulnerabilities do not require any adaptations for the various devices using the network stack, making them exceptionally easy to spread," according to the Armis researchers .... "

No comments: