Vulnerabilities affected four TCP/IP network stacks in medical devices
The Health Sciences Authority (HSA) in April 2021 discovered a suite of cybersecurity vulnerabilities called “NAME:WRECK”.
These vulnerabilities are related to Domain Name System (DNS) implementations and were found to affect the following four TCP/IP network stacks:
- FreeBSD version 12.1
- Nucleus NET version 4.3
- NetX version 6.0.1
- IPnet version VxWorks 6.6
Those with affected medical devices were warned that the vulnerabilities would allow remote unauthorised access to the devices and allow malicious actors to conduct either Denial of Service (DoS) or Remote Code Execution (RCE) attacks, which will lead to failure of critical device functions.
To address these vulnerabilities, security patches developed by the network stack developers will have to be applied to the affected devices.
According to the Singapore Computer Emergency Response Team, NAME:WRECK affects over 100 million devices running on FreeBSD, IPnet, NetX and Nucleus NET stacks. Vulnerable devices could be subjected to either denial-of-service (DoS) or remote code-execution (RCE) attacks.
Security patches for FreeBSD, Nucleus NET and NetX have been released. Administrators of the affected stacks are advised to apply the patch immediately. Where patching is not available (i.e. IPnet), administrators are advised to implement the following mitigation measures:
- Enforce segmentation controls and proper network hygiene measures such as restricting external communication paths and isolating or containing vulnerable devices in zones as a mitigating control if they cannot be patched or until they can be patched
- Monitor progressive patches released by affected device vendors
- Configure devices to rely on internal DNS servers
- Monitor all network traffic for malicious packets
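
One way to verify the internal-DNS and segmentation measures from flow logs, as an added example that is not part of the original advisory: it flags devices in the vulnerable zone that send DNS traffic to anything other than an approved internal resolver. The zone range, resolver addresses, log format and function name are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration; replace with your own addressing plan.
DEVICE_ZONE = ipaddress.ip_network("10.20.0.0/24")  # segment holding unpatched devices
INTERNAL_RESOLVERS = {ipaddress.ip_address("10.0.0.53"),
                      ipaddress.ip_address("10.0.1.53")}

# Constructed sample flow records: time, src, dst, protocol, destination port
SAMPLE_FLOWS = """\
2021-04-20T08:00:01Z,10.20.0.11,10.0.0.53,udp,53
2021-04-20T08:00:02Z,10.20.0.12,203.0.113.9,udp,53
2021-04-20T08:00:03Z,10.20.0.12,203.0.113.9,udp,53
2021-04-20T08:00:04Z,10.20.0.13,198.51.100.7,tcp,53
2021-04-20T08:00:05Z,10.20.0.11,10.0.5.10,tcp,443
2021-04-20T08:00:06Z,10.30.0.5,203.0.113.9,udp,53
this line is malformed
"""

def find_dns_violations(flow_text):
    """Return {device_ip: {resolver_ip: count}} for DNS flows from the device
    zone to any server that is not an approved internal resolver."""
    violations = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, proto, dport = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparseable addresses
        # DNS runs over both UDP and TCP port 53
        if proto.lower() not in ("udp", "tcp") or dport != "53":
            continue
        if src_ip in DEVICE_ZONE and dst_ip not in INTERNAL_RESOLVERS:
            violations[str(src_ip)][str(dst_ip)] += 1
    return {dev: dict(dsts) for dev, dsts in violations.items()}

if __name__ == "__main__":
    for device, resolvers in find_dns_violations(SAMPLE_FLOWS).items():
        for resolver, count in resolvers.items():
            print(f"{device} sent {count} DNS flow(s) to unapproved resolver {resolver}")
```

Any device it reports is either misconfigured or able to reach DNS servers that the segmentation controls should be blocking.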
Researchers have released related open-source tools:
- A script to identify possible vulnerable devices: https://github.com/Forescout/project-memoria-detector
- A library of queries to partially automate the finding of DNS-related vulnerabilities: https://github.com/Forescout/namewreck