VxHunter: firmware analysis tool for VxWorks-based embedded devices, supports Ghidra and IDA

VxHunter: A ToolSet for VxWorks Based Embedded Device Analyses. The firmware analyze tool is plugins written in Python, mainly used for analyze firmware loading address, fix function name with symbol table and etc.[…]


PS: See also an ICS security tool by the same author, based on Routersploit:


VxWorks stack overflow EOP reported

Intel Product Security has a new security advisory for Wind River’s VxWorks:

Stack overflow vulnerability in Wind River VxWorks
Intel ID:      INTEL-SA-00064
Product family:      Wind River VxWorks
Impact of vulnerability:      Elevation of Privilege
Severity rating:      Critical
Original release:      Nov 01, 2016

WindRiver is releasing mitigations for a privilege escalation issue. This issue affects versions of Wind River VxWorks products. The issue being mitigated is a method to execute arbitrary code without user interactions. Anonymous remote attackers can cause a stack overflow, which can be used to obtain remote code execution on affected devices running vulnerable VxWorks versions without any user interactions. Intel strongly recommends customers using impacted versions of WindRiver VxWorks to upgrade to the latest version listed in the table above.
Acknowledgements: Alex Wheeler, David Barksdale – Exodus Intelligence

VxWorks network vulnerability


Icon Labs releases Floodgate Agent for VxWorks

Last week Icon Laboratories released “Floodgate Agent for VxWorks”. The Floodgate Agent provides situational awareness, device status monitoring, security policy management, and security event logging and reporting for VxWorks-based devices. With the Floodgate Agent, OEMs using VxWorks are now able to connect their devices to enterprise security management solutions including Icon Labs Security Manager and the McAfee ePO and ESM.  Previously, customers using the McAfee management solutions had no ability to manage VxWorks based devices.  The agent is a lightweight solution that can be added to existing designs without requiring an OS version upgrade, additional memory or faster processor. The Floodgate Agent provides security management for Icon Labs’ Floodgate Security Framework, a comprehensive security solution for embedded devices providing Secure Boot, Intrusion Detection, Application Guarding APIs, and an embedded firewall.

More information: