Kev

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment


As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices. The flaws could allow for remote code execution, denial-of-service (DoS), and information leak.

 

The flaws are collectively called "NUCLEUS:13." Successful attacks abusing them can "result in devices going offline and having their logic hijacked," and "spread[ing] malware to wherever they communicate on the network," researchers from Forescout and Medigate said in a technical report published Tuesday, with one proof-of-concept (PoC) successfully demonstrating a scenario that could potentially disrupt medical care and critical processes.

 

Siemens has since released security updates to remediate the weaknesses in Nucleus ReadyStart versions 3 (v2017.02.4 or later) and 4 (v4.1.1 or later).

 

Primarily deployed in automotive, industrial, and medical applications, Nucleus is a closed-source real-time operating system (RTOS) used in safety-critical devices, such as anesthesia machines, patient monitors, ventilators, and other healthcare equipment.

 

The most severe of the issues is CVE-2021-31886 (CVSS score: 9.8), a stack-based buffer overflow vulnerability affecting the FTP server component, effectively enabling a malicious actor to write arbitrary code, hijack the execution flow, and achieve code execution, and in the process, take control of susceptible devices. Two other high-severity vulnerabilities (CVE-2021-31887 and CVE-2021-31888), both impacting FTP servers, could be weaponized to achieve DoS and remote code execution.

 


Real-world attacks leveraging the flaw could hypothetically impede the normal functioning of automated train systems by sending a malicious FTP packet, causing a Nucleus-powered controller to crash, in turn, preventing a train from stopping at a station and causing it to collide with another train on the track.

 


Forescout's telemetry analysis has revealed close to 5,500 devices from 16 vendors, with most of the vulnerable Nucleus devices found in the healthcare sector (2,233) followed by government (1,066), retail (348), financial (326), and manufacturing (317).

 

The disclosures mark the seventh time security weaknesses have been discovered in the protocol stacks that underpin millions of internet-connected devices. It's also the fifth study as part of a systematic research initiative called Project Memoria aimed at analyzing the security of TCP/IP network communication stacks —

 

In an independent advisory, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged users to take defensive measures to mitigate the risk of exploitation of these vulnerabilities, including minimizing network exposure for all control system devices, segmenting control system networks from business networks, and using VPNs for remote access.

 


"The threat landscape for every type of connected device is changing fast, with an ever-increasing number of severe vulnerabilities and attackers being motivated by financial gains more than ever," the researchers concluded. "This is especially true for operational technology and the Internet of Things. The expanded adoption of these types of technology by every type of organization, and their deep integration into critical business operations, will only increase their value for attackers over the long term."

 

Via thehackernews.com
