{"id":6126,"date":"2019-08-01T12:51:19","date_gmt":"2019-08-01T11:51:19","guid":{"rendered":"http:\/\/s313789864.websitehome.co.uk\/?p=6126"},"modified":"2020-12-15T15:28:28","modified_gmt":"2020-12-15T15:28:28","slug":"major-industrial-control-vulnerability-identified","status":"publish","type":"post","link":"http:\/\/s313789864.websitehome.co.uk\/?p=6126","title":{"rendered":"Major Industrial Control Vulnerability Identified"},"content":{"rendered":"

11 zero-day vulnerabilities have been discovered in one of the world\u2019s most widely used IoT operating systems. VxWorks is so common that it is used in over 2 billion devices around the world, including by most major Industrial control brands.<\/p>\n

The security researchers Armis<\/a>, who discovered and disclosed the vulnerability have estimated that over 200 million devices may be exposed and at risk of a potential attack. Six of the eleven identified vulnerabilities have been classified as critical, enabling Remote Code Execution (RCE) through network connectivity to target the core underlying OS; described by Armis as \u201cthe holy grail for attackers\u201d.<\/p>\n

Due to the high likelihood of exposure to the VxWorks vulnerabilities TES are recommending that our clients undertake the following steps.<\/p>\n

    \n
  1. Identify and Patch vulnerable devices:
    \nYou need to urgently identify all devices that use VxWorks and reach out to the device manufacturers for information about patching the software on each device. Most of the major industrial control brands use VxWorks and may be vulnerable. TES are able to conduct onsite scanning to detect affected devices on ICS networks. Please     contact us<\/a> to discuss this further or to arrange an appointment.<\/li>\n<\/ol>\n
      \n
    1. Shield all vulnerable devices via network controls:
      \nTemporarily segment your network to ensure that any vulnerable device is isolated within a small subnet until you can patch or replace vulnerable devices.<\/li>\n<\/ol>\n
        \n
      1. Monitor vulnerable devices for evidence of compromise:
        \nMonitor all devices that are running vulnerable versions of VxWorks for indication of compromise at network level.<\/li>\n<\/ol>\n

        We are aware that many ICS environments are running older (vulnerable) versions of VxWorks, have no patch management strategy for ICS and heavily rely on air gaps which cannot be effectively monitored. Should this be the case for you we recommend that you contact ICS Cyber Security experts such as TES Cybersafe for advice and assistance.<\/strong><\/p>\n

        A list of CVE\u2019s for each vulnerability is included below;<\/h4>\n
        Critical Vulnerabilities allowing remote-code-execution:<\/h6>\n