Sayers Blog


VxWorks Vulnerabilities: More Exposure Than You Think

"When you start a sentence with '200 million' in the Cybersecurity world it's likely to end with 'records exposed' but today it's ending with something much scarier, 'devices exposed'."

- Nigel Smithson, Sr. Cybersecurity Solutions Engineer @ Sayers


The most popular yet hidden Operating System (OS) has been found to contain 11 software vulnerabilities that when used together could unleash crippling attacks on critical infrastructure similar to WannaCry and EternalBlue.




WannaCry, developed from the stolen NSA EternalBlue code, spread through global corporate networks wreaking havoc resulting in millions to billions in remediation costs. The OS involved is VxWorks from Wind River Systems. Unlike a traditional OS (Windows, OS X), VxWorks is a Real-time operating system (RTOS). An RTOS is designed to support critical embedded devices.


The Armis Labs research team has discovered 11 vulnerabilities that affect IPNet, the TCP/IP stack in VxWorks. The collection is referred to as 'URGENT/11'. Some of the bugs affect different versions of the OS with the earliest one being 6.5, released in 2006:


  • 2006: VxWorks 6.5
  • 2007: VxWorks 6.6
  • 2009: VxWorks 6.8
  • 2011: VxWorks 6.9
  • 2014: VxWorks 7






Six of the URGENT/11 bugs can be exploited to achieve remote code execution (RCE). At least one bug affects each version of the OS starting with 6.5, while others can lead to a denial of service (DoS) attack.


Well, while this is something you may not have heard of it is the real time operating system of choice for around 200+ million devices, ranging from:


  • Spacecraft: Mars 2020 rover, SpaceX Dragon, NASA Juno probe
  • Space telescopes: Fermi Gamma-ray, Webb
  • Aircraft: Airbus A400M, Boeing 787, Boeing AH-64 Apache
  • Industrial robots
  • Transportation control systems
  • Elevator control systems
  • Telecommunication systems
  • Water and waste control systems
  • Energy, oil and gas refining control systems
  • Medical equipment: MRI scanners (Watch takeover of a patient monitor)
  • Commercial and consumer electronics:

….so chances are there is an IoT device in your corporate environment or in your personal life impacted.


Sayers can help you determine what affected systems are operating in your infrastructure. We can come up with a plan to mitigate the risk of exploitation while assisting in the remediation of the bugs. Let us help you protect your critical systems.


Additional Resources: