Vulnerability Alert | Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

Vulnerability Alert

Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

On July 30, the Armis security research team published an article claiming that they discovered a total of 11 vulnerabilities in the VxWorks TCP/IP stack, of which 6 vulnerabilities could lead to remote code execution.

Vulnerability Description

VxWorks is currently the most widely used real-time operating system (RTOS) deployed in embedded systems, developed by Wind River. Real-time operating systems are used by devices that require high precision and reliability, such as critical infrastructure, networking equipment, medical devices, industrial systems, and even spacecraft. Therefore, VxWorks is applied in various fields, from PLCs to MRI machines, firewalls, printers, and even aircraft and trains.

According to the official security notice from Wind River and the blog article from the Armis security research team, a total of 11 security vulnerabilities have been discovered in the VxWorks TCP/IP stack (IPnet), of which 6 are remote code execution vulnerabilities. Attackers can exploit these vulnerabilities remotely and without authorization to gain access to the target system.

Impact Scope

The following versions of VxWorks using the IPnet stack are affected (not all vulnerabilities apply to all products):

  • VxWorks 7 (SR540, SR610)

  • VxWorks 6.5 to 6.9

  • VxWorks versions using the Interpeak standalone network stack

Note that the latest version of VxWorks 7 (SR620) is not affected.

Solution

Visit the Wind River official support center to obtain the vulnerability patch:

https://support2.windriver.com/index.php?page=security-notices&on=view&id=6652

For assistance, please contact [email protected].

References

  • https://armis.com/urgent11/

  • https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/

Vulnerability Alert | Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

Chaitin Emergency Response Service

Fully committed to product upgrades

Timely sending of warning plans to customers

Checking whether business operations are affected by this vulnerability

Please contact the Chaitin emergency team

Available 24/7 to safeguard your security!

Vulnerability Alert | Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

Contact us immediately:

Email: [email protected]

Emergency response hotline: 4000-327-707

Related posts

  1. Did You Know? Ping and Tracert Are the Same Protocol
  2. Understanding HTTP, TCP, IP, and Socket Protocols
  3. Running Qt on VxWorks: A Powerful Combination for Embedded Development
  4. Fundamentals of Cybersecurity
  5. Common Linux Commands – Part 2
  6. fio Read/Write Performance Testing
  7. Discussing the Principles of the torch-npu Plugin
  8. Kali Linux Update Failure Warning After Losing Repo Signing Key
  9. Understanding TCP/IP Protocols: A Clear Overview
  10. What Is the Use of TCP/IP Technology?
  11. Common Network Protocols: NetBEUI, IPX/SPX, TCP/IP
  12. Can SDN Networks Replace TCP/IP?
  13. Python API Automation | A Minimal Guide to PUT Requests
  14. MCU in Embedded Development – Task Management in FreeRTOS
  15. Summary of TCP Concepts
  16. Microsoft Aims to End TCP/IP: Launches Its Own Version of QUIC, MsQuic, and Open Sources It
  17. Thread Synchronization and Mutual Exclusion in C++
  18. Linux Networking Essentials: TCP/IP Protocol Stack

Leave a Comment