[Ezoic account verification [327004]
Home Malware 13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment


Nucleus TCP/IP stack

As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak.

Collectively called “NUCLEUS:13,” successful attacks abusing the flaws can “result in devices going offline and having their logic hijacked,” and “spread[ing] malware to wherever they communicate on the network,” researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully demonstrating a scenario that could potentially disrupt medical care and critical processes.

Siemens has since released security updates to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later).

Automatic GitHub Backups

Primarily deployed in automotive, industrial, and medical applications, Nucleus is a closed-source real-time operating system (RTOS) used in safety-critical devices, such as anesthesia machines, patient monitors, ventilators, and other healthcare equipment.

The most severe of the issues is CVE-2021-31886 (CVSS score: 9.8), a stack-based buffer overflow vulnerability affecting the FTP server component, effectively enabling a malicious actor to write arbitrary code, hijack the execution flow, and achieve code execution, and in the process, take control of susceptible devices. Two other high-severity vulnerabilities (CVE-2021-31887 and CVE-2021-31888), both impacting FTP servers, could be weaponized to achieve DoS and remote code execution.

Cyberattack on Hospital

Real-world attacks leveraging the flaw could hypothetically impede the normal functioning of automated train systems by sending a malicious FTP packet, causing a Nucleus-powered controller to crash, in turn, preventing a train from stopping at a station and causing it to collide with another train on the track.

Cyberattack on Train

ForeScout’s telemetry analysis has revealed closed to 5,500 devices from 16 vendors, with most of the vulnerable Nucleus devices found in the healthcare sector (2,233) followed by government (1,066), retail (348), financial (326), and manufacturing (317).

The disclosures mark the seventh time security weaknesses have been discovered in the protocol stacks that underpin millions of internet-connected devices. It’s also the fifth study as part of a systematic research initiative called Project Memoria aimed at analyzing the security of TCP/IP network communication stacks —

Prevent Data Breaches

In an independent advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged users to take defensive measures to mitigate the risk of exploitation of these vulnerabilities, including minimizing network exposure for all control system devices, segmenting control system networks from business networks, and using VPNs for remote access.

Cybersecurity tips

“The threat landscape for every type of connected device is changing fast, with an ever-increasing number of severe vulnerabilities and attackers being motivated by financial gains more than ever,” the researchers concluded. “This is especially true for operational technology and the Internet of Things. The expanded adoption of these types of technology by every type of organization, and their deep integration into critical business operations, will only increase their value for attackers over the long term.”





Source link

RELATED ARTICLES

Researchers Discover PhoneSpy Malware Spying on South Korean Citizens

An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon...

14 New Vulnerabilities Discovered in BusyBox

Researchers from software development company JFrog and industrial cybersecurity firm Claroty have identified a total of 14 new vulnerabilities in BusyBox, and on...

Critical Flaw in Sitecore Experience Platform Exploited in Attacks

Adversaries have started targeting a critical remote code execution vulnerability in Sitecore Experience Platform (Sitecore XP), the Australian Cyber Security Center (ACSC) warns. Tracked...

Most Popular

Anomali Cyber Watch: GitLab Vulnerability Exploited In The Wild, Mekotio Banking Trojan Returns, Microsoft Exchange Vulnerabilities Exploited Again and More

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Babuk, Braktooth, Linux, Gamaredon, Magecart ...

Researchers Discover PhoneSpy Malware Spying on South Korean Citizens

An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon...

Stor-a-File hit by ransomware through SolarWinds Serv-U • The Register

Stor-a-File, a British data capture and storage company, suffered a ransomware attack in August that exploited an unpatched instance of SolarWinds' Serv-U FTP...

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used...

Recent Comments