Wind River VxWorks (Update A) (ICSA-19-211-01) – Products Used in the Water and Wastewater Sector

August 8, 2019

The NCCIC has updated this advisory by noting that Dräger and Schneider Electric, which are vendors of products that are affected by vulnerability, have released security advisories related to their products. Read the advisory at CISA.

July 30, 2019

The NCCIC has released an advisory on numerous types of vulnerabilities in WindRiver VxWorks. All versions of VxWorks under current support (6.9.4.11, Vx7 SR540, Vx7 SR610) are affected. Successful exploitation of these vulnerabilities could allow remote code execution. Wind River has produced controls and patches to mitigate the reported vulnerabilities. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.

WaterISAC discussed the Wind River VxWorks vulnerabilities, which have collectively been dubbed “URGENT/11” by the security firm that discovered them (Armis), in its July 30 Security and Resilience Update.