Protect your VxWorks automation components against attacks and unauthorized access.
In July 2019, Armis Inc., an IoT security company, stated that they had discovered 11 zero-day vulnerabilities in VxWorks, the real-time operating system from Wind River. These vulnerabilities affect a large number of industrial automation components. You can protect your network with mGuard security components.
VxWorks is the most widely used real-time operating system and it is used in more than two billion devices. Typical areas of application include the aerospace and defense industries as well as in machine controllers, medical devices, and network infrastructure.
URGENT/11 is the name for 11 vulnerabilities that affect VxWorks’ TCP/IP stack (IPnet) and, in part, remained undetected for up to 13 years. This means that they affect numerous versions of VxWorks. Six of the vulnerabilities are classified as critical, while the remaining five are classified as information leaks or logical errors.
The vulnerabilities make it possible for attackers to take control of devices remotely with no user interaction required and to propagate malware into and within networks. Attackers are able to circumvent any firewalls and NAT solutions. Such an attack would be similar to the EternalBlue vulnerability, which was used to spread the WannaCry malware. Possible targets included SCADA systems, industrial controllers, firewalls, routers, printers, and even MRI machines.
In general, updating all devices running VxWorks can be difficult and is, in some cases, not possible: first, all VxWorks devices must be identified, which can be a challenging task in itself. Furthermore, updates may not be available for all devices. And even if updates are available, installation can be a risky and time-consuming process, and you run the risk that the system will no longer work as expected afterwards.
Installing discrete security components such as, for example, mGuard security routers, which protect the network against known risks, is a much simpler solution. mGuards are equipped with a function that blocks every TCP package that contains an Urgent flag. The activation of this and additional security configurations in an mGuard security router offers comprehensive protection for VxWorks devices against exploitation of all six critical vulnerabilities. Moreover, mGuard offers identical protection within a LAN as if it were operated in stealth mode. You can find more information about configuration of an mGuard security router to protect against URGENT/11 vulnerabilities in the whitepaper below.
If you are unsure if this applies to you, or if you need help with implementation, please contact us. Our specialists will check your network and design an individual security concept for your system based on your requirements.
"$pageName" on