Claroty Releases Free Diagnostic Tool for Urgent/11 Vulnerabilities

Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks.


IoT security firm Armis recently disclosed 11 vulnerabilities affecting the VxWorks real-time operating system (RTOS). The flaws, collectively tracked as Urgent/11, can allow a remote attacker to take control of impacted systems.



The flaws affect VxWorks versions 6.9.4.11, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage.


Armis said the weaknesses affect over 200 million mission-critical devices, including in the manufacturing, cybersecurity, tech, and industrial automation sectors.


Several major industrial and automation solutions providers have released advisories in response to the Urgent/11 flaws, including ABB, Belden, Rockwell Automation, Siemens, and Schneider Electric.




“An asset owner trying to map their exposure to Urgent11 would require a comprehensive and up-to-date inventory of models and firmware versions in the network, something that many ICS/OT owners and operators struggle to maintain. But without this visibility, it is impossible to identify vulnerable devices and correlate them against the existing advisories,” explained Amir Preminger, VP of research at Claroty.


Claroty said it could not find any freely available tool that organizations can use to che ..
