Equipment in hospitals, factories, offices, etc potentially vulnerable to attack
Wind River has patched 11 security vulnerabilities in VxWorks that can be potentially exploited over networks or the internet to commandeer all sorts of equipment dotted around the planet.
This real-time operating system powers car electronics, factory robots and controllers, aircraft and spacecraft, wireless routers, medical equipment, digital displays, and plenty of other stuff – so if you deploy a vulnerable version of VxWorks, and it is network or internet-connected, you definitely want to check this out.
The vulnerabilities, discovered by security outfit Armis, can be exploited to leak internal device information, crash gadgets, and – in more than half of the flaws – execute malicious code on machines.
It is estimated that VxWorks runs on two billion devices as an embedded OS, though Armis reckoned 200 million gizmos are actually potentially affected.
According to Armis [PDF] today, all 11 of the vulnerabilities (dubbed Urgent/11 for marketing purposes) are found in the VxWorks TCP/IP stack, IPnet.