Industrial Giants Respond to ‘Urgent/11’ Vulnerabilities
Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11.
In late July, IoT security firm Armis disclosed eleven vulnerabilities found by its researchers in the VxWorks real time operating system (RTOS). The flaws, six of which have been described as critical, can allow a remote attacker to take control of impacted systems.
Armis said the vulnerabilities exist in the VxWorks IPnet stack and they expose over 200 million mission-critical devices from around the world to attacks, including in the healthcare, manufacturing, cybersecurity, tech, and industrial automation sectors.
The security holes impact currently supported VxWorks versions 18.104.22.168, Vx7 SR540 and Vx7 SR610 — each version is affected by one or more vulnerabilities — and they can be exploited for remote code execution, denial-of-service (DoS) attacks, and information leakage. There is no evidence that the vulnerabilities have been exploited in malicious attacks.
Wind River has released patches and several industrial and automation giants have published advisories to inform their customers.
In an advisory published on Friday, Siemens told customers that the Urgent/11 and one additional vulnerability impact its SIPROTEC 5 Ethernet plug-in communication modules and devices.
Patches are already available for some of the company’s products, while for the rest the vendor recommends implementing countermeasures, such as blocking potentially malicious traffic at the firewall.
ABB says it’s working on patches for Grid Automation products that use VxWorks. The company, to date, has determined that some RTU500, Relion 670, Relion SAM600-IO, PWC600, REB500, AFS66X, AFS660, FOX615, ETL600 and NSD570 products are affected.
Until patches are made available, users have been advised to rely on best security practices and firewalls to prevent attacks.
Rockwell Automation has identified over 30 impacted products, including ones part of the CompactLogix, Compact 500, ControlLogix, 1783-NATR, ArmorBlock, Bulletin 56RF, SLC 500 and Kinetix families.
The company says it’s working on developing patches and in the meantime has provided mitigation advice similar to the other impacted vendors.
Schneider Electric is working with Wind River to assess the impact of the flaws on its products, but it has yet to name any affected solutions.
“We downloaded Wind River’s patches as soon as they were made available to us, and we have quickly instituted a remediation plan to evolve all current and future products that rely on the Wind River platform to embed these fixes,” Schneider said.
Woodward, which designs and manufactures energy control and optimization solutions for the aerospace and industrial sectors, says the vulnerabilities affect some of its MicroNet Plus and TMR; Flex, Vertex and Peak; and Atlas II products. The company pointed out that the vulnerable code may exist in components manufactured by turbine OEMs or Woodward partners.
The firm is working on fixes and has advised customers to use the external firewalls in affected Woodward products to reduce the risk of attacks.
Belden says the weaknesses impact its Hirschmann HiOS and Classic Firewall, and Garrettcom DX products. The company is in the process of finalizing the updates that should address the vulnerabilities.