{"id":3670,"date":"2021-11-10T18:47:53","date_gmt":"2021-11-10T13:17:53","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=3670"},"modified":"2021-11-10T18:47:56","modified_gmt":"2021-11-10T13:17:56","slug":"nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/","title":{"rendered":"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices"},"content":{"rendered":"\n

Investigators recently published information about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices utilized in the medical, industrial, automotive, and aerospace sectors. Named NUCLUE:13, the set of bugs affects the Nucleus TCP\/IP stack and could be appropriated to obtain remote code execution on vulnerable devices, create a denial-of-service condition, or obtain information that could result in damaging consequences.<\/p><\/p>\n\n\n\n

The security researchers are the last part of a larger initiative named Project Memoria, which brought together industry peers, universities, and research institutes to examine the security of multiple TCP\/IP stacks. Another research that aligns with Project Memoria\u2019s goal is Ripple20 from security research group JSOF, which uncovered 19 bugs in the proprietary TCP\/IP stack from the Treck.<\/p><\/p>\n\n\n\n

What are the Three Code Executions Flaws?<\/strong><\/h2>\n\n\n\n

A dozen of the NUCLEUS:13 bugs received the medium and high severity ratings, the one standing out being CVE-2021-31886, a sensitive bug affecting the FTP server element that could permit the attackers to take control of the vulnerable devices.<\/p><\/p>\n\n\n\n

In a report posted today, the security researchers also note that the issue is due to the FTP server\u2019s improper validation of the length of the \u201cUSER\u201d command. This results in a stack-based buffer overflow that could result in DoS and remote code execution (RCE) conditions.<\/p><\/p>\n\n\n\n

\"NUCLEUS-13-TCP-Security-flaw-affects-the-Critical-Healthcare-devices-image1\"<\/figure><\/div>\n\n\n\n

As given in the image above, the two high-severity vulnerabilities (CVE-2021-31887 and CVE-2021-3188) have a probability is the RCE impact, and both affect the FTP server elements. Based on the company\u2019s visibility, over 5,000 devices are running a vulnerable version of the Nucleus RTOS, most of them in the healthcare sector.<\/p><\/p>\n\n\n\n

\"NUCLEUS-13-TCP-Security-flaw-affects-the-Critical-Healthcare-devices-image2\"<\/figure><\/div>\n\n\n\n

To show how critical NUCLEUS:13 is, security researchers describe two hacking scenarios. One targeted a hospital\u2019s building automation to crash a controller that automatically switched on a fan and lights when someone tries to enter the patient\u2019s room.<\/p><\/p>\n\n\n\n

In the second scenario, the target was a presence sensor part of the railway infrastructure, which detects when a train arrives at the station and controls how long it stops. By crashing the controller with any of the DoS bugs in the NUCLEUS:13 suite, an attacker could cause the train to run past the station and potentially collide with another train or objects on the track.<\/p><\/p>\n\n\n\n

How to Mitigate NUCLEUS:13 issues?<\/strong><\/h2>\n\n\n\n

Siemens has released updates that fix the NUCLEUS:13 vulnerabilities in Nucleus ReadyStart versions 3 (update to v2017.02.4 or later) and 4 (update to v4.1.1 or later version). An advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) today provides the following general mitigation action:<\/p><\/p>\n\n\n\n

  • Minimize network exposure for all control system devices and\/or systems, and ensure that they are not accessible from the Internet.<\/li>
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.<\/li>
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.<\/li>
  • The open-source Project Memoria Detector tool can help vendors identify products affected by the NUCLEUS:13 set of vulnerabilities as well as issues uncovered by previous TCP\/IP research from the company.<\/li><\/ul>\n\n\n\n

    For organizations where patching is not possible at the moment due to the critical nature of the affected devices, Our security researchers provide the following mitigation strategy:<\/p><\/p>\n\n\n\n

    • Discover and inventory devices running Nucleus using Project Memoria Detector, which uses active fingerprinting to find systems running Nucleus<\/li>
    • Enforce segmentation controls and proper network hygiene; restrict external communication paths and isolate or contain vulnerable devices in zones as a mitigating control if they cannot be patched or until they can be patched<\/li>
    • Monitor progressive patches released by affected device vendors and devise a remediation plan for your vulnerable asset inventory, balancing business risk and business continuity requirements<\/li>
    • Monitor all network traffic for malicious packets that try to exploit known vulnerabilities or possible 0-days. Anomalous and malformed traffic should be blocked, or at least alert its presence to network operators<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"

      Investigators recently published information about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices utilized in the medical, industrial, automotive, and aerospace sectors. Named NUCLUE:13, the set of bugs affects the Nucleus TCP\/IP stack and could be appropriated to obtain remote code execution on vulnerable devices, create […]<\/p>\n","protected":false},"author":2,"featured_media":3672,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\nNUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Investigators recently published information about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices utilized in the medical, industrial, automotive, and aerospace sectors. Named NUCLUE:13, the set of bugs affects the Nucleus TCP\/IP stack and could be appropriated to obtain remote code execution on vulnerable devices, create […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-10T13:17:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-10T13:17:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/NUCLEUS-13-TCP-Security-flaw-affects-the-Critical-Healthcare-devices-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices\",\"datePublished\":\"2021-11-10T13:17:53+00:00\",\"dateModified\":\"2021-11-10T13:17:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/\"},\"wordCount\":683,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/\",\"url\":\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/\",\"name\":\"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-11-10T13:17:53+00:00\",\"dateModified\":\"2021-11-10T13:17:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/","og_locale":"en_US","og_type":"article","og_title":"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices - Xiarch Solutions Private Limited","og_description":"Investigators recently published information about a suite of 13 vulnerabilities in the Nucleus real-time operating system (RTOS) from Siemens that powers devices utilized in the medical, industrial, automotive, and aerospace sectors. Named NUCLUE:13, the set of bugs affects the Nucleus TCP\/IP stack and could be appropriated to obtain remote code execution on vulnerable devices, create […]","og_url":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-11-10T13:17:53+00:00","article_modified_time":"2021-11-10T13:17:56+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/11\/NUCLEUS-13-TCP-Security-flaw-affects-the-Critical-Healthcare-devices-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices","datePublished":"2021-11-10T13:17:53+00:00","dateModified":"2021-11-10T13:17:56+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/"},"wordCount":683,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/","url":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/","name":"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-11-10T13:17:53+00:00","dateModified":"2021-11-10T13:17:56+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/nucleus13-tcp-security-flaw-affects-the-critical-healthcare-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"NUCLEUS:13 TCP Security flaw affects the Critical Healthcare devices"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3670"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=3670"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3670\/revisions"}],"predecessor-version":[{"id":3675,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/3670\/revisions\/3675"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/3672"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=3670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=3670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=3670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}