Get in Touch
Please get in touch using the form below.
Vulnerability discovered in Micro-Controller Operating System
Target Industry
Indiscriminate, opportunistic targeting.
Overview
A security vulnerability has been disclosed pertaining to the FTP server of the Micro-Controller Operating System (µC/OS). The flaw, tracked as CVE-2022-41985(CVSSv3 Score: 8.6 – High) relates to an authentication-bypass issue that can also lead to a denial-of-service (DoS) within affected products.
Impact
Successful exploitation of CVE-2022-41985 could allow a threat actor to bypass the authentication protocol on µC/OS or cause a DoS condition. As such, a threat actor could bypass the security mechanism of the vulnerable products, resulting in the compromise of the confidentiality and integrity of data.
Affected Products
– Weston Embedded uC-FTPs 1.98.00
Containment, Mitigations & Remediations
It is strongly recommended that users apply the affected product to the latest version.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
The Micro-Controller Operating System occupies a reasonable portion of the operating system market share and is used commonly within the following industry sectors:
– Health
– Aerospace
– Automotive
– Technology
Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, it is possible that µC/OS products could emerge as prime targets. Due to the fact that the associated products are an integral aspect of business operations within the sectors mentioned above, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
Mitre Methodologies
Common Weakness Enumeration:
CWE-303 – Incorrect Implementation of Authentication Algorithm