Researchers have found 11 serious vulnerabilities in VxWorks, the world's most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and medical equipment. Many of the flaws allow attackers to take over devices remotely by just sending network packets, which make them particularly dangerous.
Researchers from IoT security firm Armis, who found the vulnerabilities, dubbed themURGENT/11due to their widespread impact. The flaws are located in the operating system's TCP/IP stack, a core component that handles network communications, and six of them can result in remote code execution (RCE).
"URGENT/11 is serious as it enables attackers to take over devices with no user interaction required, and even bypass perimeter security devices such as firewalls and NAT solutions," the Armis researchers said in their report. "These devastating traits make these vulnerabilities 'wormable,' meaning they can be used to propagatemalwareinto and within networks. Such an attack has a severe potential, resembling that of the EternalBlue vulnerability, used to spread theWannaCrymalware."
The link for this article located at CSO Online is no longer available.