CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Industrial Giants Respond to ‘Urgent/11’ Vulnerabilities

Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.

Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.

In late July, IoT security firm Armis disclosed eleven vulnerabilities found by its researchers in the VxWorks real time operating system (RTOS). The flaws, six of which have been described as critical, can allow a remote attacker to take control of impacted systems.Urgent11

Armis said the vulnerabilities exist in the VxWorks IPnet stack and they expose over 200 million mission-critical devices from around the world to attacks, including in the healthcare, manufacturing, cybersecurity, tech, and industrial automation sectors.

The security holes impact currently supported VxWorks versions 6.9.4.11, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage. There is no evidence that the vulnerabilities have been exploited in malicious attacks.

Wind River has released patches and several industrial and automation giants have published advisories to inform their customers.

Siemens

In an advisory published on Friday, Siemens told customers that the Urgent/11 and one additional vulnerability impact its SIPROTEC 5 Ethernet plug-in communication modules and devices.

Patches are already available for some of the company’s products, while for the rest the vendor recommends implementing countermeasures, such as blocking potentially malicious traffic at the firewall.

ABB

Advertisement. Scroll to continue reading.

ICS Cyber Security Conference

ABB says it’s working on patches for Grid Automation products that use VxWorks. The company, to date, has determined that some RTU500, Relion 670, Relion SAM600-IO, PWC600, REB500, AFS66X, AFS660, FOX615, ETL600 and NSD570 products are affected.

Until patches are made available, users have been advised to rely on best security practices and firewalls to prevent attacks.

Rockwell Automation

Rockwell Automation has identified over 30 impacted products, including ones part of the CompactLogix, Compact 500, ControlLogix, 1783-NATR, ArmorBlock, Bulletin 56RF, SLC 500 and Kinetix families.

The company says it’s working on developing patches and in the meantime has provided mitigation advice similar to the other impacted vendors.

Schneider Electric

Schneider Electric is working with Wind River to assess the impact of the flaws on its products, but it has yet to name any affected solutions.

“We downloaded Wind River’s patches as soon as they were made available to us, and we have quickly instituted a remediation plan to evolve all current and future products that rely on the Wind River platform to embed these fixes,” Schneider said.

Woodward

Woodward, which designs and manufactures energy control and optimization solutions for the aerospace and industrial sectors, says the vulnerabilities affect some of its MicroNet Plus and TMR; Flex, Vertex and Peak; and Atlas II products. The company pointed out that the vulnerable code may exist in components manufactured by turbine OEMs or Woodward partners.

The firm is working on fixes and has advised customers to use the external firewalls in affected Woodward products to reduce the risk of attacks.

Belden

Belden says the weaknesses impact its Hirschmann HiOS and Classic Firewall, and Garrettcom DX products. The company is in the process of finalizing the updates that should address the vulnerabilities.

Related: Learn More About ICS Vulnerabilities at SecurityWeek’s 2019 ICS Cyber Security Conference

Related: Wormable Windows RDS Vulnerability Poses Serious Risk to ICS

Related: Industrial Systems at Risk of WannaCry Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.