200 Million Enterprise, Industrial, and Medical Devices Affected by RCE Flaws in VxWorks RTOS (Jul 29, 2019)
Armis researchers have discovered 11 vulnerabilities in the real-time operating system VxWorks, which is used by over 200 million devices. VxWorks is used by organizations in the industrial and medical sectors and runs on numerous types of devices and equipment, such as elevators, firewalls, industrial controllers, patient monitors, printers, MRI machines, and VoIP phones. Six of the vulnerabilities can result in Remote Code Execution (RCE) and are registered as CVE-2019-12256, CVE-2019-12255, CVE-2019-12260, CVE-2019-12261, CVE-2019-12263, and CVE-2019-12257. The other five vulnerabilities can result in denial-of-service, information exposure, and logical errors, and are registered as CVE-2019-12258, CVE-2019-12262, CVE-2019-12264, CVE-2019-12259, and CVE-2019-12265. At the time of this writing, these vulnerabilities have not been observed in the wild.
Recommendation: Wind River, the owner of the VxWorks operating system, was informed of these vulnerabilities by Armis researchers in June 2019 and has since created patches to address these issues. A security alert was also sent to users to inform them of the situation. It is paramount for users to apply security updates as soon as possible to avoid potential malicious activity associated with these vulnerabilities, especially with such a significant number of devices affected.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.