Credit: Thinkstock Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis. Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis. The vulnerabilities affect all devices running VxWorks version 6.5 and later with the exception of VxWorks 7, issued July 19, which patches the flaws. That means the attack windows may have been open for more than 13 years. Armis Labs said that affected devices included SCADA controllers, patient monitors, MRI machines, VOIP phones and even network firewalls, specifying that users in the medical and industrial fields should be particularly quick about patching the software. Thanks to remote-code-execution vulnerabilities, unpatched devices can be compromised by a maliciously crafted IP packet that doesn’t need device-specific tailoring, and every vulnerable device on a given network can be targeted more or less simultaneously. The Armis researchers said that, because the most severe of the issues targets “esoteric parts of the TCP/IP stack that are almost never used by legitimate applications,” specific rules for the open source Snort security framework can be imposed to detect exploits. VxWorks, which has been in use since the 1980s, is a popular real-time OS, used in industrial, medical and many other applications that require extremely low latency and response time. While highly reliable, the inability to install a security agent alongside the operating system makes it vulnerable, said Armis, and the proprietary source code makes it more difficult to detect problems. Armis argued that more attention has to be paid by security researchers to real-time operating systems, particularly given the explosive growth in IoT usage – for one thing, the researchers said, any software that doesn’t get thoroughly researched runs a higher risk of having serious vulnerabilities go unaddressed. For another, the critical nature of many IoT use cases means that the consequences of a compromised device are potentially very serious. “It is inconvenient to have your phone put out of use, but it’s an entirely different story to have your manufacturing plant shut down,” the Armis team wrote. “A compromised industrial controller could shut down a factory, and a pwned patient monitor could have a life-threatening effect.” In addition to the six headlining vulnerabilities, five somewhat less serious security holes were found. These could lead to consequences ranging from denial of service and leaked information to logic flaws and memory issues. More technical details and a fuller overview of the problem can be found at the Armis Labs blog post here, and there are partial lists available of companies and devices that run VxWorks available on Wikipedia and at Wind River’s customer page. Wind River itself issued a security advisory here, which contains some potential mitigation techniques. Related content analysis Beware the gap between security readiness and confidence levels, Cisco warns Companies need greater network segmentation, sandboxes, firewalls, and anomaly detection to fight attackers, according to Cisco's 2024 Cybersecurity Readiness Index. By Michael Cooney Mar 27, 2024 6 mins SASE Network Security Networking analysis Cisco: AI tools, better workspaces would boost in-office appeal Office environments need to change to foster collaboration, and employers need to close the AI skills gap, Cisco reports in its hybrid work study. By Michael Cooney Mar 27, 2024 3 mins Generative AI Careers Networking news HPE Aruba adds genAI search tools to network management platform HPE Aruba is using proprietary LLMs to better understand questions posed in its Networking Central platform and generate more accurate, detailed responses. By Michael Cooney Mar 26, 2024 2 mins Generative AI Data Center Management Network Management Software brandpost Sponsored by HPE Aruba Networking EdgeConnect SD-WAN with SWG: building a SASE foundation By Gabriel Gomane Mar 25, 2024 7 mins SD-WAN PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe