Home AMX User Forum AMX Technical Discussion

Fixing vxWorks FTP Vulernability?

I am being hassled by our security department to fix a vulnerability in the vxWorks software on several NI-700 controllers. Here's what the security team is telling me:

Observation: VxWorks Debug Service
Description: A system running VxWorks has the debug service exposed, allowing remote attackers to read and write arbitrary data to memory. This could lead to a complete system compromise via a number of attack vectors.
Recommendation for Improvement: Disable/remove the INCLUDE_WDB and INCLUDE_DEBUG components from the VxWorks image.

Unfortunately, I have not figured out how to disable the FTP service, without essentially bricking my own access to manage and update the controller. Does anyone else have any tips or ideas on this?

Thanks for any assistance,

Comments

  • rfletcherrfletcher Posts: 217
    Based on a quick google search my first question is, is your firmware up to date? If not, start with that because this vulnerability in vxWorks appears to date back to 2010 and at least one website had a list of vendors that included AMX and claims they were notified.

    If this is indeed an issue in the current firmware version you'd need to contact AMX about a direct fix since this is an issue in the underlying OS image. It looks like the advised mitigation for vulnerable products is to block 17185/udp with a firewall.

    Please keep us posted on what you find out, this is moderately worrisome...
  • ericmedleyericmedley Posts: 4,177
    I might certainly be wrong on this but I do think tht vulnerability was addressed back in 2011. Fortunately we won't be dealing with vxWorks with the new controllers.
  • I beleive this was fixed years ago.

    From the product information history... http://www.amx.com/assets/AMX-PI2/amx-pi2.htm

    *********************************************************************
    NetLinx Firmware
    08/11/10 v3.50.439

    Prerequisites
    None

    Changes in this release
    - Added support for device TCP/IP address hot-swap to support MVP-9000i
    - Added support for expedited OFFLINE/ONLINE cycle to support MVP-9000i
    - Closed VxWorks WDB security hole by removing the WDB agent from the VxWorks kernel. Under the previous firmware versions, the security hole was only exposed when the master had a static IP address.

    (US-CERT VU#362332)
  • ericmedleyericmedley Posts: 4,177
    B_Clements wrote: »
    From the product information history... http://www.amx.com/assets/AMX-PI2/amx-pi2.htm

    *********************************************************************
    NetLinx Firmware
    08/11/10 v3.50.439

    Prerequisites
    None

    Changes in this release
    - Added support for device TCP/IP address hot-swap to support MVP-9000i
    - Added support for expedited OFFLINE/ONLINE cycle to support MVP-9000i
    - Closed VxWorks WDB security hole by removing the WDB agent from the VxWorks kernel. Under the previous firmware versions, the security hole was only exposed when the master had a static IP address.

    (US-CERT VU#362332)

    Yes, thanks for verifying this.
Sign In or Register to comment.