NUCLEUS:13 TCP security bugs impact critical healthcare devices

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,540
Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors.

Dubbed NUCLEUS:13, the set of flaws affect the Nucleus TCP/IP stack and could be leveraged to obtain remote code execution on vulnerable devices, create a denial-of-service condition, or obtain info that could lead to damaging consequences.

The NUCLEUS:13 vulnerabilities were discovered by researchers at cybersecurity company Forescout and Medigate, a firm that focuses on the security of devices for healthcare providers.

The research is the last part of a larger initiative from Forescout called Project Memoria, which brought together industry peers, universities and research institutes to analyze the security of multiple TCP/IP stacks.

Project Memoria lasted for 18 months and lead to the discovery of 78 vulnerabilities in 14 TCP/IP stacks, presented in studies published as AMNESIA:33, NUMBER:JACK, NAME:WRECK, and INFRA:HALT.