DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities
Urgent/11, a range of security vulnerabilities that were initially thought to impact only the VxWorks real-time operating system (RTOS), actually put many more systems at risk, the US Department of Homeland Security (DHS) and the US Food and Drug Administration (FDA) warned last week.
Earlier this year, security researchers with Armis uncovered 11 critical zero-day flaws in VxWorks, an RTOS used in 2 billion Internet-of-things (IoT) devices. The flaws didn’t impact all VxWorks versions, but were estimated to affect about 200 million devices. However, security researchers later discovered that the issue affects many other real-time operating systems as well. In addition to VxWorks, the impacted systems include OSE, INTEGRITY, ThreadX, ITRON, Nucleus RTOS, and ZebOS. DHS is telling companies to scan their networks for affected devices. Armis has released a tool to help firms achieve this. The FDA has issued a similar warning for healthcare organizations.