Claroty Releases Free Diagnostic Tool for Urgent/11 Vulnerabilities

Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks.

IoT security firm Armis recently disclosed 11 vulnerabilities affecting the VxWorks real-time operating system (RTOS). The flaws, collectively tracked as Urgent/11, can allow a remote attacker to take control of impacted systems.

The flaws affect VxWorks versions, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage.

Armis said the weaknesses affect over 200 million mission-critical devices, including in the manufacturing, cybersecurity, tech, and industrial automation sectors.

Several major industrial and automation solutions providers have released advisories in response to the Urgent/11 flaws, including ABB, Belden, Rockwell Automation, Siemens, and Schneider Electric.

“An asset owner trying to map their exposure to Urgent11 would require a comprehensive and up-to-date inventory of models and firmware versions in the network, something that many ICS/OT owners and operators struggle to maintain. But without this visibility, it is impossible to identify vulnerable devices and correlate them against the existing advisories,” explained Amir Preminger, VP of research at Claroty.

Claroty said it could not find any freely available tool that organizations can use to check if they are vulnerable to Urgent/11 attacks, so it decided to release a free and open source diagnostic tool. The tool is designed to look for CVE-2019-12258, one of the Urgent/11 vulnerabilities that can be exploited for DoS attacks.

“This tool implements the CVE-2019-12258 vulnerability, which is a logical vulnerability that was found to lead to connection termination if the attacker has gained access to the source/destination IP and Port,” Preminger said. “This tool allows network owners to scan their network and identify compromised and vulnerable devices, thus garnering insight into the extent of their exposure to Urgent11. This free tool, used in addition to the vendor advisories, should provide a degree of added security for asset owners and provide much-needed transparency into their network systems.”

The free tool, available as a Python script, can be downloaded from GitHub.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.