Researchers have recently found 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens, which runs equipment used in the medical, automotive, industrial, and aerospace industries.
The weaknesses, dubbed NUCLEUS:13, impact the Nucleus TCP/IP stack designed for the Internet of Things (IoT) and might be exploited to gain remote code execution on affected devices, cause a denial-of-service condition, or access sensitive information.
Researchers at cybersecurity firm Forescout and Medigate, a company that emphasizes the security of devices for healthcare providers, found the NUCLEUS:13 vulnerabilities.
The study is the final installment of Forescout’s Project Memoria, which united industry peers, universities, and research institutions to examine the security of various TCP/IP stacks.
Project Memoria spanned 18 months and identified 78 vulnerabilities in 14 TCP/IP stacks, which were published as AMNESIA:33, INFRA:HALT, NAME:WRECK, and NUMBER:JACK investigations.
CVE-2021-31886, a significant fault affecting the FTP server component that might let attackers gain control of the susceptible device, was one of a dozen NUCLEUS:13 vulnerabilities with medium and high severity ratings.
According to a study issued today by Forescout, the problem is caused by the FTP server incorrectly validating the length of the “USER” command. This causes stack-based buffer overflows, leading to a denial of service (DoS) or remote code execution (RCE) scenario.
CVE-2021-31887 and CVE-2021-31888 are two other severe flaws. Both affect the FTP server component and can lead to RCE.
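The length check on the "USER" command described above, sketched as an added example of a defensively written handler. This is not Nucleus or Siemens code, and the `ftp_session` struct, the `ftp_handle_user` function, and the 32-byte `USER_MAX` limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define USER_MAX 32  /* assumed limit for this example, not a Nucleus value */

enum { FTP_NEED_PASSWORD = 331, FTP_SYNTAX_ERROR = 501 };  /* RFC 959 replies */

/* Hypothetical per-connection state. */
struct ftp_session {
    char user[USER_MAX + 1];  /* fixed-size destination, +1 for the NUL */
};

/* Handle one received command line of line_len bytes ("USER <name>\r\n").
 * Returns the FTP reply code; s->user is written only on success. */
int ftp_handle_user(struct ftp_session *s, const char *line, size_t line_len)
{
    static const char verb[] = "USER";
    const size_t skip = sizeof verb;  /* 4 letters + 1 separating space */
    size_t end, arg_len, i;

    if (s == NULL || line == NULL || line_len <= skip || line[skip - 1] != ' ')
        return FTP_SYNTAX_ERROR;
    for (i = 0; i < skip - 1; i++)  /* FTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i])
            return FTP_SYNTAX_ERROR;

    /* Drop the trailing CR/LF so it does not count toward the name. */
    end = line_len;
    while (end > skip && (line[end - 1] == '\r' || line[end - 1] == '\n'))
        end--;
    arg_len = end - skip;

    /* The length is checked against the destination before any copy. */
    if (arg_len == 0 || arg_len > USER_MAX)
        return FTP_SYNTAX_ERROR;

    /* Reject NUL and control bytes so the stored name is a clean C string. */
    for (i = 0; i < arg_len; i++) {
        unsigned char c = (unsigned char)line[skip + i];
        if (c < 0x20 || c == 0x7f)
            return FTP_SYNTAX_ERROR;
    }

    memcpy(s->user, line + skip, arg_len);  /* bounded by the check above */
    s->user[arg_len] = '\0';
    return FTP_NEED_PASSWORD;
}
```

An overlong name is refused with a 501 reply and the session buffer is left untouched, so the same input that would overflow an unchecked copy becomes a rejected command.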
The Nucleus RTOS is present in more than 3 billion devices across healthcare and critical systems, according to Forescout in a blog post disclosing the vulnerabilities.
Based on the company’s visibility, approximately 5,000 devices in the healthcare industry are running a vulnerable version of the Nucleus RTOS.
To demonstrate how severe NUCLEUS:13 is, Forescout provided two attack scenarios. One aimed to bring down a controller that automatically turned on a fan and lights when somebody visited a patient’s room at a hospital.
The target in the other scenario was a presence sensor, part of the railway infrastructure, that detects when a train arrives at a station and governs how long it stays.
An attacker might cause the train to travel beyond the station and perhaps collide with another train or items on the track by crashing the controller with any of the NUCLEUS:13 DoS flaws.