Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Claroty Releases Free Diagnostic Tool for Urgent/11 Vulnerabilities

Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks.

Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks.

IoT security firm Armis recently disclosed 11 vulnerabilities affecting the VxWorks real time operating system (RTOS). The flaws, collectively tracked as Urgent/11, can allow a remote attacker to take control of impacted systems.

Urgent11 OT testing tool released

The flaws affect VxWorks versions 6.9.4.11, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage.

Armis said the weaknesses affect over 200 million mission-critical devices, including in the manufacturing, cybersecurity, tech, and industrial automation sectors.

Several major industrial and automation solutions providers have released advisories in response to the Urgent/11 flaws, including ABB, Belden, Rockwell Automation, Siemens, and Schneider Electric.

Learn More About Free ICS Security Resources at SecurityWeek’s 2019 ICS Cyber Security Conference

Advertisement. Scroll to continue reading.

“An asset owner trying to map their exposure to Urgent11 would require a comprehensive and up-to-date inventory of models and firmware versions in the network, something that many ICS/OT owners and operators struggle to maintain).But without this visibility, it is impossible to identify vulnerable devices and correlate them against the existing advisories,” explained Amir Preminger, VP of research at Claroty.

Claroty said it could not find any freely available tool that organizations can use to check if they are vulnerable to Urgent/11 attacks so it decided to release a free and open source diagnostic tool. The tool is designed to look for CVE-2019-12258, one of the Urgent/11 vulnerabilities that can be exploited for DoS attacks.

“This tool implements the CVE-2019-12258 vulnerability, which is a logical vulnerability that was found to lead to connection termination if the attacker has gained access to the source/destination IP and Port,” Preminger said. “This tool allows network owners to scan their network and identify compromised and vulnerable devices, thus garnering insight into the extent of their exposure to Urgent11. This free tool, used in addition to the vendor advisories, should provide a degree of added security for asset owners and provide much-needed transparency into their network systems.”

The free tool, available as a Python script, can be downloaded from GitHub.

Related:Wormable Windows RDS Vulnerability Poses Serious Risk to ICS

Related: Industrial Systems at Risk of WannaCry Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.