NUCLEUS 13: 13 security holes in the Nucleus TCP/IP stack

Forescout researchers discovered 13 critical security vulnerabilities in the Nucleus TCP/IP stack.

Vulnerability Overview

Nucleus is mainly used in anesthesia machines, patient monitors and other medical equipment. Forescout researchers discovered 13 security vulnerabilities in the Nucleus TCP/IP stack that attackers can exploit to achieve remote code execution, DoS, information leakage, etc.

[Figure: table listing the 13 vulnerabilities]

The most severe of these is CVE-2021-31886, a remote code execution vulnerability in the FTP server component with a CVSS score of 9.8. The FTP server does not properly verify the length of the USER command, which leads to a stack-based buffer overflow. Attackers can use this vulnerability to achieve remote code execution and DoS attacks.
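The length check described above, written as a bounded USER handler. This is an added example, not code from Nucleus or Forescout; `parse_user`, `USER_MAX` and its 32-byte limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define USER_MAX 32  /* assumed policy limit; the page gives no buffer size */

/* FTP reply codes (RFC 959) */
enum { FTP_NEED_PASS = 331, FTP_BAD_CMD = 500, FTP_BAD_ARG = 501 };

/*
 * Parse one control-channel line of `len` bytes (not necessarily
 * NUL-terminated) and copy the USER argument into `out` (capacity `cap`).
 * The length is checked before any copy, so an oversized argument is
 * rejected instead of being written past the destination.
 */
int parse_user(const char *line, size_t len, char *out, size_t cap)
{
    size_t i, arg_len;

    if (line == NULL || out == NULL || cap == 0)
        return FTP_BAD_ARG;
    out[0] = '\0';

    /* Strip trailing CR/LF. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;

    /* Verb must be "USER" (case-insensitive) followed by a space. */
    if (len < 5 || line[4] != ' ')
        return FTP_BAD_CMD;
    for (i = 0; i < 4; i++)
        if (toupper((unsigned char)line[i]) != "USER"[i])
            return FTP_BAD_CMD;

    arg_len = len - 5;
    /* The kind of check the page says was missing: bound the argument. */
    if (arg_len == 0 || arg_len > USER_MAX || arg_len >= cap)
        return FTP_BAD_ARG;

    /* Reject control bytes so the name is safe to log and compare. */
    for (i = 0; i < arg_len; i++)
        if (!isprint((unsigned char)line[5 + i]))
            return FTP_BAD_ARG;

    memcpy(out, line + 5, arg_len);
    out[arg_len] = '\0';
    return FTP_NEED_PASS;
}
```

The function rejects on both the policy limit and the caller's actual buffer capacity, so a caller that passes a smaller buffer than `USER_MAX + 1` is still safe.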

For the PoC video of the CVE-2021-31886 vulnerability, see: https://youtu.be/xwbL0yGKV80


Vulnerability Impact

Nucleus NET is the TCP/IP protocol stack of Nucleus RTOS (Real Time Operating System). It was first developed in 1993, and it has been 28 years since its release. According to Nucleus’ official website, the RTOS is deployed on more than 3 billion devices, in areas such as medical, IT and navigation systems.

By querying Shodan, the researchers found more than 2,200 devices running Nucleus FTP and RTOS.


Devices running Nucleus FTP, Nucleus RTOS

According to Forescout Device Cloud, which monitors more than 13 million devices, there are 5,500 devices from 16 vendors running Nucleus.


Devices running Nucleus (Forescout Device Cloud)


Devices running Nucleus by industry (Forescout Device Cloud)
