Industrial Giants Respond to 'Urgent/11' Vulnerabilities

Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.


In late July, IoT security firm Armis disclosed eleven vulnerabilities found by its researchers in the VxWorks real-time operating system (RTOS). The flaws, six of which have been described as critical, can allow a remote attacker to take control of impacted systems.


Armis said the vulnerabilities exist in the VxWorks IPnet stack and they expose over 200 million mission-critical devices from around the world to attacks, including in the healthcare, manufacturing, cybersecurity, tech, and industrial automation sectors.


The security holes impact currently supported VxWorks versions 6.9.4.11, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage. There is no evidence that the vulnerabilities have been exploited in malicious attacks.


Wind River has released patches and several industrial and automation giants have published advisories to inform their customers.


Siemens


In an advisory published on Friday, Siemens told customers that the Urgent/11 vulnerabilities and one additional vulnerability impact its SIPROTEC 5 Ethernet plug-in communication modules and devices.


Patches are already available for some of the company’s products, while for the rest the vendor recommends implementing countermeasures, such as blocking potentially malicious traffic at the firewall.


ABB



ABB say ..
