VxHunter: firmware analysis tool for VxWorks-based embedded devices, supports Ghidra and IDA

May 29, 2019 ~ hucktech ~ Leave a comment

VxHunter: A ToolSet for VxWorks Based Embedded Device Analyses. The firmware analyze tool is plugins written in Python, mainly used for analyze firmware loading address, fix function name with symbol table and etc.[…]

https://github.com/dark-lbp/vxhunter

PS: See also an ICS security tool by the same author, based on Routersploit:

https://github.com/dark-lbp/isf

VxWorks stack overflow EOP reported

November 3, 2016 ~ hucktech ~ Leave a comment

Intel Product Security has a new security advisory for Wind River’s VxWorks:

Stack overflow vulnerability in Wind River VxWorks
Intel ID:     INTEL-SA-00064
Product family:     Wind River VxWorks
Impact of vulnerability:     Elevation of Privilege
Severity rating:     Critical
Original release:     Nov 01, 2016

WindRiver is releasing mitigations for a privilege escalation issue. This issue affects versions of Wind River VxWorks products. The issue being mitigated is a method to execute arbitrary code without user interactions. Anonymous remote attackers can cause a stack overflow, which can be used to obtain remote code execution on affected devices running vulnerable VxWorks versions without any user interactions. Intel strongly recommends customers using impacted versions of WindRiver VxWorks to upgrade to the latest version listed in the table above.

Acknowledgements: Alex Wheeler, David Barksdale – Exodus Intelligence
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00064&languageid=en-fr

VxWorks network vulnerability

August 17, 2016 ~ hucktech ~ Leave a comment

Nice finds … VxWorks: Execute My Packets https://t.co/uycdkqYSjo

— Pedram Amini (@pedramamini) August 17, 2016

Latest disclosure has been patched by @WindRiver. Research by David Barksdale and @vonbloke at https://t.co/R5RJmZ9bNh #PopnRobotsandRockets

— Exodus Intelligence (@XI_Research) August 16, 2016

Code exec via DNS on any device running a VxWorks release from 2007 to present day – guess how many will be fixed: https://t.co/IaxDGit84h

— Matthew Garrett (@mjg59) August 17, 2016

http://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/

Icon Labs releases Floodgate Agent for VxWorks

May 25, 2015 ~ hucktech ~ Leave a comment

Last week Icon Laboratories released “Floodgate Agent for VxWorks”. The Floodgate Agent provides situational awareness, device status monitoring, security policy management, and security event logging and reporting for VxWorks-based devices. With the Floodgate Agent, OEMs using VxWorks are now able to connect their devices to enterprise security management solutions including Icon Labs Security Manager and the McAfee ePO and ESM. Previously, customers using the McAfee management solutions had no ability to manage VxWorks based devices. The agent is a lightweight solution that can be added to existing designs without requiring an OS version upgrade, additional memory or faster processor. The Floodgate Agent provides security management for Icon Labs’ Floodgate Security Framework, a comprehensive security solution for embedded devices providing Secure Boot, Intrusion Detection, Application Guarding APIs, and an embedded firewall.

More information:
http://www.iconlabs.com/prod/icon-labs-releases-floodgate-agent-vxworks