Cybersecurity researchers from Forescout and Medigate have discovered 13 vulnerabilities in the Nucleus Net TCP/IP stack. The bugs, known as NUCLEUS:13, affect various Internet of Things devices such as lighting and ventilation controls, as well as medical devices and patient monitors.
The vulnerabilities could be present in millions of devices based on the Nucleus TCP/IP stack and allow attackers to remotely execute malicious code, carry out denial-of-service attacks and even spy on data, although the researchers are not aware of whether they have been actively exploited by cyber criminals.
The Nucleus TCP/IP stack, now owned by Siemens, was originally released in 1993 and is still widely used. Of the three critical vulnerabilities identified by the researchers, CVE-2021-31886 represents the greatest threat, with a CVSS (Common Vulnerability Scoring System) score of 10 out of 10. It is a vulnerability in the FTP (File Transfer Protocol) server, which does not properly validate the length of user commands, resulting in stack-based buffer overflows that can be exploited for denial of service and remote code execution.
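The missing length validation described above is the check an FTP command parser has to make before it copies anything into a fixed-size buffer. The following C sketch is an added example, not code from the Nucleus stack or from the researchers; the function name, the return codes and the 64-byte argument buffer are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FTP_ARG_MAX 64 /* assumed size of the fixed argument buffer */
enum ftp_parse { FTP_OK = 0, FTP_ERR_SYNTAX = -1, FTP_ERR_TOO_LONG = -2 };

/* Split one received line such as "USER alice\r\n" into verb and argument.
 * All lengths are checked against the destinations before any byte is
 * copied; an overlong line is rejected instead of truncated or copied. */
enum ftp_parse ftp_parse_line(const char *line, size_t len,
                              char verb[5], char arg[FTP_ARG_MAX])
{
    size_t i = 0, vlen, alen;

    /* Drop the trailing CR/LF sent by the client. */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;

    /* The verb runs to the first space; RFC 959 verbs are 3 or 4 letters. */
    while (i < len && line[i] != ' ')
        i++;
    vlen = i;
    if (vlen < 3 || vlen > 4)
        return FTP_ERR_SYNTAX;

    if (i < len)
        i++; /* skip the separating space */
    alen = len - i;
    if (alen >= FTP_ARG_MAX) /* leave room for the terminating NUL */
        return FTP_ERR_TOO_LONG;
    if (memchr(line, '\0', len) != NULL) /* embedded NUL would hide data */
        return FTP_ERR_SYNTAX;

    memcpy(verb, line, vlen);
    verb[vlen] = '\0';
    memcpy(arg, line + i, alen);
    arg[alen] = '\0';
    return FTP_OK;
}
int main(void)
{
    char verb[5], arg[FTP_ARG_MAX], big[600]; /* constructed sample input */
    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', sizeof big - 5);
    printf("%d\n", ftp_parse_line("USER alice\r\n", 12, verb, arg));
    printf("%d\n", ftp_parse_line(big, sizeof big, verb, arg));
    return 0;
}
```

A server built this way answers an oversized command with an error reply and logs it, which also gives defenders a signal to alert on.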
Because the stacks are so widespread, they are easy to identify and attack. It is also possible to find some of the connected devices via the Shodan IoT search engine – and if they are publicly connected to the internet, attacks can be launched remotely. Affected organizations should install the patches offered by Siemens in order to minimize the risk of a successful attack.