Critical Infrastructure Warning! Millions of PLCs, switches, IoT devices are under threat


Eleven vulnerabilities, combined under the name Urgent/11, were made public in August 2019. Five bugs collectively named CDPwn came to light earlier this year and received patches at that time. However, 97% of devices affected by Urgent/11 and 80% of devices vulnerable to CDPwn attacks are still not patched.

The critical Urgent/11 vulnerabilities (PDF) were identified in Wind River’s VxWorks operating system and a number of other RTOSs (real-time operating systems). All of the dangerous problems, including six RCEs, are tied to the TCP/IP protocol stack and are present in all versions of VxWorks released over the past 13 years.

Most Urgent/11 bugs allow an attacker to take control of the target device without authentication or user interaction. According to Armis, at the time the vulnerabilities were disclosed they affected more than 2 billion devices used to control medical equipment, enterprise assets and industrial processes.

More than 30 vendors have publicly acknowledged Urgent/11, including Rockwell Automation, Schneider Electric and Siemens. Many of them have issued warnings and patches for their products. As far as we know, attackers did not even try to exploit these vulnerabilities.

CDPwn (PDF) stems from a proprietary network device discovery protocol, CDP (Cisco Discovery Protocol). Problems with this protocol are estimated to affect tens of millions of Cisco products, including routers, switches, IP cameras, and VoIP devices with firmware versions released over the past 10 years. One of the CDPwn vulnerabilities was recently spotted in targeted attacks by Chinese hackers.

Analysts from the information security company Armis can determine whether equipment is vulnerable from its firmware version. The Armis cloud platform currently monitors 280 million devices used in mission-critical industries.

To determine the level of patching for Urgent/11, the researchers compiled a control sample of PLCs from Rockwell Automation and Schneider Electric. For CDPwn, they tracked the status of Cisco Nexus switches and VoIP devices of the 78xx and 88xx series. The results in both cases were dismal.
