Claroty Releases Free Diagnostic Tool for Urgent/11 Vulnerabilities

Industrial cybersecurity firm Claroty this week released a free and open source tool designed to help organizations check whether their operational technology (OT) devices are vulnerable to Urgent/11 attacks.

IoT security firm Armis recently disclosed 11 vulnerabilities affecting the VxWorks real time operating system (RTOS). The flaws, collectively tracked as Urgent/11, can allow a remote attacker to take control of impacted systems.

The flaws affect VxWorks versions 6.9.4.11, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage.

Armis said the weaknesses affect over 200 million mission-critical devices, including in the manufacturing, cybersecurity, tech, and industrial automation sectors.

Several major industrial and automation solutions providers have released advisories in response to the Urgent/11 flaws, including ABB, Belden, Rockwell Automation, Siemens, and Schneider Electric.

“An asset owner trying to map their exposure to Urgent11 would require a comprehensive and up-to-date inventory of models and firmware versions in the network, something that many ICS/OT owners and operators struggle to maintain. But without this visibility, it is impossible to identify vulnerable devices and correlate them against the existing advisories,” explained Amir Preminger, VP of research at Claroty.

Claroty said it could not find any freely available tool that organizations can use to check if they are vulnerable to Urgent/11 attacks, so it decided to release a free and open source diagnostic tool. The tool is designed to look for CVE-2019-12258, one of the Urgent/11 vulnerabilities that can be exploited for DoS attacks.

“This tool implements the CVE-2019-12258 vulnerability, which is a logical vulnerability that was found to lead to connection termination if the attacker has gained access to the source/destination IP and Port,” Preminger said. “This tool allows network owners to scan their network and identify compromised and vulnerable devices, thus garnering insight into the extent of their exposure to Urgent11. This free tool, used in addition to the vendor advisories, should provide a degree of added security for asset owners and provide much-needed transparency into their network systems.”

The free tool, available as a Python script, can be downloaded from GitHub.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
