This week took place release of a free tool for diagnosing systems to detect the presence of vulnerabilities Urgent/11. Claroty company released Urgent/11 vulnerabilities detection tool.
Recall that last month in the VxWorks real-time operating system (RTOS) from Wind River Systems were discovered 11 vulnerabilities that allowed attackers to take control of vulnerable devices.Issues affect VxWorks 6.9.4.11, Vx7 SR540 and Vx7 SR610. In each of them, there is one or more vulnerabilities that allow remotely execute code, carry out a DoS attack, or steal information.
According to Armis experts who discovered Urgent/11, vulnerabilities affect more than 200 million critical devices, including those used in critical infrastructure, technology and industrial automation.
“An adversary exploiting the glitches could take over the affected devices without any interaction from the user. More worryingly, network-level security solutions like firewalls and NAT systems cannot stop the attack. This happens because the packets sent during the attack look like non-threatening network communication”, — report Armis specialists.
In order to create a map of vulnerable devices present in the network, an enterprise will need to conduct a complete inventory of models and firmware versions, and this is a very difficult task. However, without such visibility, it is not possible to identify vulnerable devices and bring them into compliance with the requirements.
In order to create a map of vulnerable devices present in the network, an enterprise will need to conduct a complete inventory of models and firmware versions, and this is a very difficult task. However, without such visibility, it is not possible to identify vulnerable devices and bring them into compliance with the requirements.
Read also: Vulnerability in Kaspersky Anti-Virus allowed cybercriminals monitoring users
In order to create a map of vulnerable devices present in the network, an enterprise will need to conduct a complete inventory of models and firmware versions, and this is a very difficult task. However, without such visibility, it is not possible to identify vulnerable devices and bring them into compliance with the requirements.
Claroty decided to simplify the task for process control system operators and released a free, open source diagnostic tool. The tool is designed to identify one of the vulnerabilities Urgent/11 (CVE-2019-12258) that allows for a DoS attack.
The tool is available for download on the GitHub website.
List of URGENT/11 vulnerabilities
Vulnerabilities leading to RCE:
Stack overflow in the parsing of IPv4 options, leading to RCE:
- CVE-2019-12256
Memory corruption from erroneous handling of the TCP Urgent Pointer field, leading to RCE:
- CVE-2019-12255
- CVE-2019-12260
- CVE-2019-12261
- CVE-2019-12263
Heap overflow in DHCP Offer/ACK parsing in ipdhcpc:
- CVE-2019-12257
Vulnerabilities leading to denial of service, information leak, or logical flaws:
TCP connection DoS via malformed TCP options:
- CVE-2019-12258
DoS via NULL dereference in IGMP parsing:
- CVE-2019-12259
Handling of unsolicited Reverse ARP replies (Logical Flaw):
- CVE-2019-12262
Logical flaw in IPv4 assignment by the ipdhcpc DHCP client:
- CVE-2019-12264
IGMP Information leak via IGMPv3 specific membership report:
- CVE-2019-12265
