ABSTRACT

ICS-CERT Advisory: ICSA-13-091-01: Wind River VxWorks SSH and Web Server Multiple Vulnerabilities   [open pdf - 80KB]

This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "This advisory provides mitigation details for multiple vulnerabilities in the Wind River VxWorks Remote Terminal Operating System (RTOS). Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories have reported six vulnerabilities in Wind River's VxWorks SSH and Web Server. Successful exploitation of these vulnerabilities could cause a denial-of-service (DoS) condition in the RTOS. One of these vulnerabilities could allow remote code execution if exploited. These vulnerabilities were originally reported to JPCERT/CC. Wind River has produced patches that mitigate these vulnerabilities. These vulnerabilities affect devices using VxWorks in the critical manufacturing, energy, and water and wastewater sectors. These vulnerabilities can be exploited remotely."

Report Number:
ICS-CERT Advisory No. 13-091-01; Industrial Controls System-Cyber Emergency Response Team Advisory No. 13-091-01
Publisher:
Date:
2013-04-01
Copyright:
Public Domain
Retrieved From:
U.S. Computer Emergency Readiness Team: http://www.us-cert.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations