48 matches found
Microsoft Azure Real Time Operating System 安全漏洞
Microsoft Azure Real Time Operating System Azure RTOS is an embedded development kit from Microsoft Corporation USA that includes a small but powerful operating system that delivers reliable, ultra-fast performance for resource-constrained devices. A security vulnerability exists in the Microsoft...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure components. A malicious party could exploit the vulnerabilities to obtain elevated privileges, or to gain access to sensitive data in the context of the victim. Microsoft states for several of the vulnerabilities listed below to be in possession ...
Zephyr Buffer Overflow Vulnerability (CNVD-2021-95615)
Zephyr is an open source, small, scalable, real-time operating system. buffer overflow vulnerability exists in Zephyr, which stems from a buffer overflow in the ZephyrUSB DFU DNLOAD. No detailed vulnerability details are currently available...
CISA Releases Security Advisory on Siemens Nucleus Real-Time Operating Systems
CISA has released an Industrial Control Systems ICS advisory detailing multiple vulnerabilities found in Siemens Nucleus Real-Time Operating Systems RTOS and supporting libraries. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages...
Microsoft Azure Real Time Operating System 权限许可和访问控制问题漏洞
Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. A vulnerability exists in Microsoft Azure RTOS with privilege permission and access control issues. The vulnerability stems from a lack of effective privilege permission and access control...
Zephyr integer underflow vulnerability
Zephyr is a small real-time operating system for interconnected, resource-constrained embedded devices. an integer underflow vulnerability in 6LoWPAN IPHC header decompression in Zephyr 2.4.0 and later can be exploited by attackers to cause out-of-bounds access in the Pv6 parsing logic...
Cars and hospital equipment running Blackberry QNX may be affected by BadAlloc vulnerability
Following an announcement by Blackberry the U.S. Food & Drug Administration FDA and the Cybersecurity & Infrastructure Security Agency CISA have put out alerts that vulnerabilities found in the Blackberry QNX real-time operating system RTOS may introduce risks for certain medical devices...
BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices
A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System RTOS could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming CVE-2021-22156, CVSS score: 9.0 is part of a...
Unspecified Vulnerability in Zephyr
Zephyr is an open source, small, scalable real-time operating system from the Linux Foundation. Zephyr has a security vulnerability that stems from improper handling of insufficient permissions or privileges in Zephyr. No details of the vulnerability are available at this time...
Zephyr buffer overflow vulnerability (CNVD-2021-44932)
Zephyr is an open source, small, scalable real-time operating system. A security vulnerability exists in Zephyr versions >= v1.14.2 and >= v2.2.0, which stems from a lack of size checking in Bluetooth HCI on SPI. No details of the vulnerability are available at this time...
Unspecified vulnerability in Zephyr (CNVD-2021-95624)
Zephyr is an open source, small, scalable real-time operating system. Zephyr suffers from a security vulnerability that stems from the fact that when setup in conjunction with littlefs, MCUmgr can be used to extract all security-related information from the device. No details of the vulnerability...
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash...
Texas Instruments TI-RTOS-MCU 输入验证错误漏洞
The Texas Instruments TI-RTOS-MCU is an application system from Texas Instruments, Inc. A real-time operating system RTOS for microcontrollers MCUs. An input validation error vulnerability exists in Texas Instrument TI-RTOS that originates from returning a valid pointer to a small buffer on a ver...
Texas Instruments TI-RTOS-MCU 输入验证错误漏洞
The Texas Instruments TI-RTOS-MCU is an application system from Texas Instruments, Inc. A real-time operating system RTOS for microcontrollers MCUs. The Texas Instruments TI-RTOS-MCU has an input validation error vulnerability that originates from returning a valid pointer to a small buffer on a...
CISA Releases ICS Advisory on Real-Time Operating System Vulnerabilities
CISA has released Industrial Control Systems Advisory ICSA-21-119-04 Multiple RTOS to provide notice of multiple vulnerabilities found in real-time operating systems RTOS and supporting libraries. Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash...
Siemens Nucleus Products IPv6 Stack Denial of Service Vulnerability
The Nucleus NET module includes a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device.Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for...
Embedded TCP/IP stacks have memory corruption vulnerabilities
Overview Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things IoT and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU96491057 as well as the name AMNESIA:33...
CVE-2020-10021
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions...
Pwning a Siemens Scalance ICS switch through ARM reversing
We’ve been working in industrial control systems security for a long time. Several of the team here used to work in OT control rooms or support SCADA environments. Whilst pen testing a ship control system, we noticed a heavy reliance on Siemens Scalance industrial ethernet switches, so bought a...
VxWorks is facing severe RCE attack risk-vulnerability warning-the black bar safety net
Armis research team in the VxWorks discovered 11 zero-day vulnerabilities, VxWorks may be the most widely used of theoperating system. VxWorks is more than 20 million devices in use, including critical industrial, medical and business equipment. Called the“URGENT/11,”the vulnerability exists in t...