Well now. A mini meteor storm of SolarWinds updates happened. If you run it, you want to check out a couple good articles just out on three other flaws they’re patching. SolarWinds Orion Bug Allows Easy Remote Code Execution and Takeover from Threatpost and 3 New Severe Security Vulnerabilities Found in SolarWinds Software from The HackerNews. Trustwave is holding off on releasing its PoC til patches can be applied.
A few things that worry me. Like embedded systems and inherent security issues. Wind River makes the software for these highly specialized systems used in aerospace and defence, as well as industry and the automotive sector. This is not your regular IT, so the usual approach to securing it won’t always work. And given where it’s being used – high value targets, critical assets.
And the attack was last September. That’s a lot of months gone by. The people affected were notified, it’s under investigation. But given SolarWinds and a few other sophisticated supply chain attacks in the past year, we need to be a bit more paranoid. Once attackers are in your networks and can steal data, especially sensitive stuff that lets them move laterally to get more data and access, go worst case.
Finally, in 2015 their VxWorks product was vulnerable to a TCP flaw that could allow for spoofing or disruption. Then in 2019 it was part of a large group of devices vulnerable to the Urgent11 bug collection. Given all the above, there’s potential here for certain nation state attackers to dig in, help themselves and leave themselves a few backdoors back in. 🤔