On July 29, Armis experts published details of 11 vulnerabilities in the real-time operating system (RTOS) VxWorks.
VxWorks is an extremely popular real-time operating system, used by two billion devices in various areas: microwaves, printers, machines, hospital medical equipment, nuclear reactors and industrial robots. It runs on everything from IoT (Internet of Things) light bulbs and switches to the Curiosity rover.
The vulnerabilities make it possible to execute arbitrary code on a device, launch DDoS attacks and steal data; the only requirement is that the device has access to the network. All versions of the OS are affected, going back to 2006, when the current IP stack was included in it. The situation is aggravated by the fact that almost all devices running this OS have no mechanism for updating their microcode, and often have no rewritable memory at all.