Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?


Endpoint Security

Industrial Giants Respond to ‘Urgent/11’ Vulnerabilities

Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.

Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.

In late July, IoT security firm Armis disclosed eleven vulnerabilities found by its researchers in the VxWorks real time operating system (RTOS). The flaws, six of which have been described as critical, can allow a remote attacker to take control of impacted systems.Urgent11

Armis said the vulnerabilities exist in the VxWorks IPnet stack and they expose over 200 million mission-critical devices from around the world to attacks, including in the healthcare, manufacturing, cybersecurity, tech, and industrial automation sectors.

The security holes impact currently supported VxWorks versions, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage. There is no evidence that the vulnerabilities have been exploited in malicious attacks.

Wind River has released patches and several industrial and automation giants have published advisories to inform their customers.


In an advisory published on Friday, Siemens told customers that the Urgent/11 and one additional vulnerability impact its SIPROTEC 5 Ethernet plug-in communication modules and devices.

Patches are already available for some of the company’s products, while for the rest the vendor recommends implementing countermeasures, such as blocking potentially malicious traffic at the firewall.


ICS Cyber Security Conference

ABB says it’s working on patches for Grid Automation products that use VxWorks. The company, to date, has determined that some RTU500, Relion 670, Relion SAM600-IO, PWC600, REB500, AFS66X, AFS660, FOX615, ETL600 and NSD570 products are affected.

Until patches are made available, users have been advised to rely on best security practices and firewalls to prevent attacks.

Rockwell Automation

Rockwell Automation has identified over 30 impacted products, including ones part of the CompactLogix, Compact 500, ControlLogix, 1783-NATR, ArmorBlock, Bulletin 56RF, SLC 500 and Kinetix families.

The company says it’s working on developing patches and in the meantime has provided mitigation advice similar to the other impacted vendors.

Schneider Electric

Schneider Electric is working with Wind River to assess the impact of the flaws on its products, but it has yet to name any affected solutions.

“We downloaded Wind River’s patches as soon as they were made available to us, and we have quickly instituted a remediation plan to evolve all current and future products that rely on the Wind River platform to embed these fixes,” Schneider said.


Woodward, which designs and manufactures energy control and optimization solutions for the aerospace and industrial sectors, says the vulnerabilities affect some of its MicroNet Plus and TMR; Flex, Vertex and Peak; and Atlas II products. The company pointed out that the vulnerable code may exist in components manufactured by turbine OEMs or Woodward partners.

The firm is working on fixes and has advised customers to use the external firewalls in affected Woodward products to reduce the risk of attacks.


Belden says the weaknesses impact its Hirschmann HiOS and Classic Firewall, and Garrettcom DX products. The company is in the process of finalizing the updates that should address the vulnerabilities.

Related: Learn More About ICS Vulnerabilities at SecurityWeek’s 2019 ICS Cyber Security Conference

Related: Wormable Windows RDS Vulnerability Poses Serious Risk to ICS

Related: Industrial Systems at Risk of WannaCry Ransomware Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.