Millions Of Devices Susceptible To Critical Nucleus Net Vulnerabilities

BACKGROUND:

Researchers at Forescout have today disclosed a new set of critical Nucleus Net vulnerabilities, dubbed NUCLEUS:13. 

The vulnerabilities, which may be present in millions of devices that deploy the code owned by Siemens, could lead to remote code execution, denial of service and data leaks. The Nucleus TCP/IP stack, originally released in 1993, is still widely used in critical safety devices operated by hospitals and the healthcare industry, including anaesthesia machines, patient monitors, building automation systems, lighting controls and ventilation. Bad actors who exploit the vulnerabilities can take target devices offline or assume control of healthcare operations.

1 Expert Comment
John Goodacre, Director of UKRI’s Digital Security and Professor of Computer Architectur
InfoSec Expert
November 10, 2021 12:16 pm

It is not unusual for software to reuse software in a new product or service. It is currently estimated that around 80% of new software code is reused code. As seen here, even well-used software can still have vulnerabilities. Reusing software in a new way can also expose new vulnerabilities that any reused test cases do not cover. Despite software development processes becoming much more aware of how such vulnerabilities occur, today’s technologies cannot block these vulnerabilities from being exploited. Moving to a cybersecurity model in which technology can be secured by design, and stop vulnerabilities from being exploited, would not only highlight potential issues in reused code, but can also deliver new capabilities to deliver products to be secure by default. A UK Government initiative known as Digital Security by Design (DSbD) is working to transform digital technology in this way and create a resilient and secure foundation for a safer future.
