VxWorks Vulnerabilities: More Exposure Than You Think
Posted July 30, 2019 by Sayers
Six of the URGENT/11 bugs can be exploited to achieve remote code execution (RCE). At least one bug affects each version of the OS starting with 6.5, while others can lead to a denial of service (DoS) attack.
Well, while VxWorks is something you may not have heard of, it is the real-time operating system of choice for around 200+ million devices, ranging from:
- Spacecraft: Mars 2020 rover, SpaceX Dragon, NASA Juno probe
- Space telescopes: Fermi Gamma-ray, Webb
- Aircraft: Airbus A400M, Boeing 787, Boeing AH-64 Apache
- Industrial robots
- Transportation control systems
- Elevator control systems
- Telecommunication systems
- Water and waste control systems
- Energy, oil and gas refining control systems
- Medical equipment: MRI scanners (Watch takeover of a patient monitor)
- Commercial and consumer electronics:
  - Linksys wireless routers
  - Apple Airport Extreme
  - SonicWall Firewalls (Watch takeover of a Sonic Firewall)
  - VoIP phones, printers, internetworking equipment (Watch takeover of a Xerox Printer)

...so chances are there is an impacted IoT device in your corporate environment or in your personal life.
Sayers can help you determine what affected systems are operating in your infrastructure. We can come up with a plan to mitigate the risk of exploitation while assisting in the remediation of the bugs. Let us help you protect your critical systems.