Microsoft Discovered Vulnerability that Affects Multiple IoT and OT Devices!

On Thursday, Microsoft researchers identified multiple vulnerabilities affecting a range of Internet of Things (IoT) and Operational Technology (OT) devices used in medical, industrial and enterprise networks. Adversaries could abuse them to execute arbitrary code, cause serious issues on the system, or crash it.

These remote code execution vulnerabilities span 25 CVEs and affect multiple domains, including medical IoT, industrial and control systems, and Operational Technology.

The bugs are collectively named “BadAlloc”. They are rooted in the memory allocation functions used in real-time operating systems (RTOS), embedded software development kits (SDKs), and C library implementations. These memory allocation functions lack proper validation, which could enable an adversary to perform a heap overflow and execute malicious code on vulnerable devices.

The experts also said that these vulnerabilities may lead to unexpected behavior, such as a crash or remote code execution. The United States Cybersecurity and Infrastructure Security Agency (CISA) said that neither Microsoft nor CISA has released details about the number of devices affected by this software bug.
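The missing validation in memory allocation functions described above can be shown with a short added example (not code from Microsoft or from any affected product). It assumes the unchecked step is the allocator's own size arithmetic wrapping around; the function names, header size and alignment are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE ((size_t)16) /* assumed per-block bookkeeping header */
#define ALIGN    ((size_t)8)  /* assumed heap alignment (power of two) */

/* Before: heap block size computed without validation. */
size_t block_size_unchecked(size_t wanted)
{
    size_t total = wanted + HDR_SIZE;          /* wraps for huge requests */
    return (total + ALIGN - 1) & ~(ALIGN - 1); /* round up to alignment */
}

/* After: same arithmetic; returns 0 when the request would wrap. */
size_t block_size_checked(size_t wanted)
{
    if (wanted > SIZE_MAX - HDR_SIZE - (ALIGN - 1))
        return 0;
    return (wanted + HDR_SIZE + ALIGN - 1) & ~(ALIGN - 1);
}

/* Before: calloc-style byte count; the product is taken modulo SIZE_MAX+1. */
size_t array_bytes_unchecked(size_t count, size_t size)
{
    return count * size;
}

/* After: calloc-style wrapper that fails closed when count*size overflows. */
void *calloc_checked(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;
    size_t bytes = count * size;
    void *p = malloc(bytes ? bytes : 1);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    size_t huge = SIZE_MAX - 4, n = SIZE_MAX / 8 + 2; /* constructed inputs */
    printf("unchecked: block=%zu array=%zu\n",
           block_size_unchecked(huge), array_bytes_unchecked(n, 8));
    return calloc_checked(n, 8) == NULL ? 0 : 1;
}
```

In the unchecked forms the allocator reserves only a few bytes while the caller still believes it owns the full requested size, which is how a later write ends up overflowing the heap; the checked forms refuse the request instead.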

List of Devices that are Affected

However, the experts shared the list of devices affected by BadAlloc:

  • Apache Nuttx OS, Version 9.1.0
  • Amazon FreeRTOS, Version 10.4.1
  • ARM CMSIS-RTOS2, versions before 2.1.3
  • ARM Mbed OS, Version 6.3.0
  • ARM mbed-ualloc, Version 1.3.0
  • Cesanta Software Mongoose OS, v2.17.0
  • eCosCentric eCosPro RTOS, Versions 2.0.1 through 4.5.3
  • Google Cloud IoT Device SDK, Version 1.0.2
  • Linux Zephyr RTOS, versions before 2.4.0
  • MediaTek LinkIt SDK, versions before 4.6.1
  • Micrium OS, Versions 5.10.1 and prior
  • Micrium uCOS II/uCOS III Versions 1.39.0 and prior
  • NXP MCUXpresso SDK, versions before 2.8.2
  • NXP MQX, Versions 5.1 and prior
  • Redhat newlib, versions before 4.0.0
  • RIOT OS, Version 2020.01.1
  • Samsung Tizen RT RTOS, versions prior to 3.0.GBB
  • TencentOS-tiny, Version 3.1.0
  • Texas Instruments CC32XX, versions before 4.40.00.07
  • Texas Instruments SimpleLink MSP432E4XX
  • Texas Instruments SimpleLink-CC13XX, versions before 4.40.00
  • Texas Instruments SimpleLink-CC26XX, versions before 4.40.00
  • Texas Instruments SimpleLink-CC32XX, versions prior to 4.10.03
  • Uclibc-NG, versions before 1.0.36
  • Windriver VxWorks, before 7.0

Summing Up

Microsoft also said that, as per its investigation, it has not found any evidence of these vulnerabilities being exploited. However, the availability of the patches could allow attackers to use a technique called patch diffing to reverse-engineer the fixes and potentially weaponize them against vulnerable versions of the software.

To minimize the risk of exploitation of these vulnerabilities, the organization recommends applying the software updates as soon as possible, erecting firewall barriers, isolating system networks from business networks, and curtailing the exposure of control system devices so that they are inaccessible from the internet.
