NUCLEUS:13 TCP security bugs impact critical healthcare devices

Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors.

Dubbed NUCLEUS:13, the set of flaws affects the Nucleus TCP/IP stack and could be leveraged to obtain remote code execution on vulnerable devices, create a denial-of-service condition, or obtain information that could lead to damaging consequences.

The NUCLEUS:13 vulnerabilities were discovered by researchers at cybersecurity company Forescout and Medigate, a firm that focuses on the security of devices for healthcare providers.

The research is the last part of a larger initiative from Forescout called Project Memoria, which brought together industry peers, universities and research institutes to analyze the security of multiple TCP/IP stacks.

Project Memoria lasted for 18 months and led to the discovery of 78 vulnerabilities in 14 TCP/IP stacks, presented in studies published as AMNESIA:33, NUMBER:JACK, NAME:WRECK, and INFRA:HALT.

Another research effort that aligns with Project Memoria’s goal is Ripple20 from security research group JSOF, which uncovered 19 flaws in the proprietary TCP/IP stack from Treck.

Three remote code execution bugs

A dozen of the NUCLEUS:13 flaws received medium and high severity ratings. The one that stands out is CVE-2021-31886, a critical bug affecting the FTP server component that could allow attackers to take control of the vulnerable device.


In a report published today, Forescout notes that the issue is due to the FTP server’s improper validation of the length of the “USER” command. This leads to stack-based buffer overflows that could result in DoS and remote code execution (RCE) conditions.
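
The missing check described above, sketched as an added example (this is not Nucleus or Siemens code): a handler that validates the length of the USER argument before copying it into a fixed-size stack buffer. The function names, return codes, the 32-byte limit, and the printable-ASCII rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define USER_MAX 32  /* assumed policy limit for this sketch, not a Nucleus value */

enum { USER_OK = 0, USER_NOT_USER = -1, USER_TOO_LONG = -2, USER_MALFORMED = -3 };

/* Case-insensitive match on the "USER " verb; never reads past len. */
static int is_user_verb(const char *line, size_t len)
{
    static const char verb[] = "user";
    size_t i;
    if (len < 5 || line[4] != ' ') return 0;
    for (i = 0; i < 4; i++)
        if (tolower((unsigned char)line[i]) != verb[i]) return 0;
    return 1;
}

/* Parse one control-channel line of `len` bytes (not assumed NUL-terminated)
 * and copy the USER argument into out[out_sz]. The length is checked before
 * any byte is copied, so an oversized argument is rejected, not truncated. */
int ftp_parse_user(const char *line, size_t len, char *out, size_t out_sz)
{
    size_t i, n;
    if (!line || !out || out_sz == 0) return USER_MALFORMED;
    out[0] = '\0';
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    if (!is_user_verb(line, len)) return USER_NOT_USER;
    n = len - 5;
    if (n == 0) return USER_MALFORMED;
    if (n > USER_MAX || n >= out_sz) return USER_TOO_LONG;
    for (i = 0; i < n; i++) {            /* printable ASCII only (assumed policy) */
        unsigned char c = (unsigned char)line[5 + i];
        if (c < 0x21 || c > 0x7e) return USER_MALFORMED;
    }
    memcpy(out, line + 5, n);
    out[n] = '\0';
    return USER_OK;
}

/* Hypothetical caller: the fixed-size stack buffer is the object an unchecked
 * copy of the USER argument would overrun. */
int handle_user(const char *line, size_t len)
{
    char user[USER_MAX + 1];
    return ftp_parse_user(line, len, user, sizeof user);
}
```

A server built this way would answer `USER_TOO_LONG` with an error reply and log the event, which also gives network operators a signal for the monitoring step recommended in the mitigations.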

NUCLEUS:13 vulnerabilities in the Nucleus TCP/IP stack

As seen in the image above, two other high-severity vulnerabilities (CVE-2021-31887 and CVE-2021-31888) have a potential RCE impact, and both affect the FTP server component.

Forescout notes in a blog post announcing the suite of vulnerabilities that the Nucleus RTOS “is deployed in more than 3 billion devices” in healthcare and critical systems.

Based on the company’s visibility, over 5,000 devices are running a vulnerable version of the Nucleus RTOS, most of them in the healthcare sector.

Devices affected by NUCLEUS:13 vulnerabilities in the Nucleus TCP/IP stack

To show how serious NUCLEUS:13 is, Forescout described two hacking scenarios. One targeted a hospital’s building automation to crash a controller that automatically switched on a fan and lights when someone entered a patient’s room.

In the second scenario, the target was a presence sensor that is part of the railway infrastructure, which detects when a train arrives at the station and controls how long it stops.

By crashing the controller with any of the DoS bugs in the NUCLEUS:13 suite, an attacker could cause the train to run past the station and potentially collide with another train or objects on the track.

Forescout researcher Stanislav Dashevskyi demonstrated the NUCLEUS:13 attacks in a video.


Mitigating NUCLEUS:13 issues

Siemens has released updates that fix the NUCLEUS:13 vulnerabilities in Nucleus ReadyStart versions 3 (update to v2017.02.4 or later) and 4 (update to v4.1.1 or later).

An advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) today provides the following general mitigation actions:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.
  • Forescout’s open-source Project Memoria Detector tool can help vendors identify products affected by the NUCLEUS:13 set of vulnerabilities as well as issues uncovered by previous TCP/IP research from the company.

For organizations where patching is not possible at the moment due to the critical nature of the affected devices, Forescout provides the following mitigation strategy:

  • Discover and inventory devices running Nucleus using Project Memoria Detector, which uses active fingerprinting to find systems running Nucleus
  • Enforce segmentation controls and proper network hygiene; restrict external communication paths and isolate or contain vulnerable devices in zones as a mitigating control if they cannot be patched or until they can be patched
  • Monitor progressive patches released by affected device vendors and devise a remediation plan for your vulnerable asset inventory, balancing business risk and business continuity requirements
  • Monitor all network traffic for malicious packets that try to exploit known vulnerabilities or possible 0-days. Anomalous and malformed traffic should be blocked, or at least trigger an alert to network operators
