Patches for Wind River Holes

Tuesday, April 2, 2013 @ 08:04 PM gHale


Wind River created patches to fix multiple vulnerabilities in its VxWorks Real-Time Operating System (RTOS), according to a report on ICS-CERT.

Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories reported six vulnerabilities in Wind River’s VxWorks SSH and Web Server. Successful exploitation of these vulnerabilities could cause a denial-of-service (DoS) condition in the RTOS. One of these vulnerabilities could allow remote code execution if exploited. These vulnerabilities were originally reported to JPCERT/CC.

Wind River produced patches that mitigate these remotely exploitable vulnerabilities. These vulnerabilities affect devices using VxWorks in the critical manufacturing, energy, and water and wastewater sectors.

The following Wind River products are affected:
• Web Server & CLI vulnerabilities: VxWorks Versions 5.5 through 6.9, and
• SSH vulnerabilities: VxWorks Versions 6.5 through 6.9.

Exploitation of each of these vulnerabilities can cause VxWorks to be unavailable until the next reboot.

Wind River, a subsidiary of Intel Corp., is a U.S.-based company that sells products around the world.

The affected product, VxWorks, is a real-time operating system. VxWorks and other RTOSes are used in industrial control systems made by many different manufacturers. Wind River VxWorks is deployed across several sectors including critical manufacturing, energy, water and wastewater, and others. Wind River said these products are used worldwide.

The SSH server (IPSSH) implementation in VxWorks 6.5 through 6.9 contains a DoS vulnerability due to an issue in processing authentication requests. An attacker could send specially crafted authentication requests that cause an SSH server outage. SSH access may become unavailable until the next reboot as a result of this vulnerability.

CVE-2013-0711 is the number assigned to this vulnerability, which has a CVSS v2 base score of 7.8.

The SSH server (IPSSH) implementation in VxWorks 6.5 through 6.9 contains a DoS vulnerability due to an issue in the processing directly after establishing the SSH connection. Successful exploitation of this vulnerability may cause SSH access to become unavailable until the next reboot. An attacker could send specially crafted packets that cause an SSH server outage. The attacker must log in with a valid user name and password combination before launching a successful attack.

CVE-2013-0712 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

The SSH server (IPSSH) implementation in VxWorks 6.5 through 6.9 contains a DoS vulnerability due to an issue in processing pty requests. Receiving a specially crafted pty request packet may cause SSH access to be unavailable until the next reboot. The attacker must log in with a valid user name and password combination before launching a successful attack.

CVE-2013-0713 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

The SSH server (IPSSH) implementation in VxWorks 6.5 through 6.9 contains a vulnerability due to an issue in processing authentication requests. Receiving a specially crafted packet for a public key authentication request may cause the server to hang and SSH access to be unavailable until the next reboot. In addition, arbitrary code may execute on the server with administrator privileges.

CVE-2013-0714 is the number assigned to this vulnerability, which has a CVSS v2 base score of 8.5.

The WebCLI component in VxWorks 5.5 through 6.9 contains a DoS vulnerability due to an issue in parsing command strings. An attacker who can log in to a CLI session may cause the current CLI session to terminate. A new CLI session can be re-established without rebooting.

CVE-2013-0715 is the number assigned to this vulnerability, which has a CVSS v2 base score of 6.8.

The Web Server in VxWorks 5.5 through 6.9 contains a DoS vulnerability. When a user accesses the VxWorks Web Server using a specially crafted URL, the server may crash.

CVE-2013-0716 is the number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

No known public exploits specifically target these vulnerabilities. However, an attacker with low skill would be able to exploit these vulnerabilities.

Wind River said software patches for these vulnerabilities are available for all affected VxWorks versions. Users interested in obtaining these patches should contact Wind River technical support.


