Siemens Power Meter 9410 & 9810 series products are hit by the Urgent/11 Vulnerabilities
Siemens is a global powerhouse focusing on the areas of electrification, automation, and digitalization. One of the world’s largest producers of energy-efficient, resource-saving technologies, Siemens is a leading supplier of systems for power generation and transmission as well as medical diagnosis.
Recently, Siemens told its customers that some of its power meters are affected by the Urgent/11 flaws. The 9410 series devices are affected only if they run a firmware version prior to 2.1.1, the release that patches the vulnerabilities. For 9810 devices, a patch has yet to be released, and Siemens recommends some workarounds and mitigations until a firmware update becomes available.
The vulnerabilities could allow an attacker to carry out a variety of exploits for the purpose of denial of service (DoS), data extraction, remote code execution (RCE), etc., targeting both the availability and the confidentiality of the devices and data.
Many companies like Siemens are affected by the Urgent/11 vulnerabilities. Earlier, Siemens also advised its customers that the flaws impact its RUGGEDCOM WIN products and SIPROTEC 5 Ethernet plug-in communication modules and devices.
Schneider Electric has also updated its initial advisory on the Urgent/11 flaws. The company has been gradually releasing patches since the disclosure of the vulnerabilities in July 2019.
What are Urgent/11 Vulnerabilities?
A security firm has identified 11 vulnerabilities, named “URGENT/11.” These vulnerabilities may allow anyone to remotely take control of the medical device and change its function, cause a denial of service, or cause information leaks or logical flaws, which may prevent device function.
Urgent/11 is the name given to a series of vulnerabilities found by researchers at IoT security firm Armis in the Wind River VxWorks real-time operating system (RTOS). VxWorks is used by a wide range of companies in their products, including in the aerospace, motor, industrial, and medical industries. Armis estimated that hundreds of millions of devices were affected by the vulnerabilities at the time of disclosure.
The companies advise their customers to install the latest firmware, which is free from these vulnerabilities.