ICS-CERT Advisory: ICSA-13-091-01: Wind River VxWorks SSH and Web Server Multiple Vulnerabilities [open pdf - 80KB]
This advisory is from the Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Computer Emergency Readiness Team (US-CERT). "This advisory provides mitigation details for multiple vulnerabilities in the Wind River VxWorks Remote Terminal Operating System (RTOS). Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories have reported six vulnerabilities in Wind River's VxWorks SSH and Web Server. Successful exploitation of these vulnerabilities could cause a denial-of-service (DoS) condition in the RTOS. One of these vulnerabilities could allow remote code execution if exploited. These vulnerabilities were originally reported to JPCERT/CC. Wind River has produced patches that mitigate these vulnerabilities. These vulnerabilities affect devices using VxWorks in the critical manufacturing, energy, and water and wastewater sectors. These vulnerabilities can be exploited remotely."
ICS-CERT Advisory No. 13-091-01; Industrial Controls System-Cyber Emergency Response Team Advisory No. 13-091-01
U.S. Computer Emergency Readiness Team: http://www.us-cert.gov/