ICSA-17-285-04A
·
Published 2018-02-01
·
View on CISA ICS-CERT ↗
NXP Semiconductors MQX RTOS (Update A)
CVSS 8.1
HIGH
Risk Summary
ATTENTION: Remotely exploitable/low skill level to exploit.
CVEs (2)
Remediations
- NXP released MQX, Version 5.1 on January 31, 2018, which addresses both vulnerabilities.
- For MQX users running versions older than 5.1, NXP has produced an update that can be obtained at the following location:
- For MQX users running Version 5.0, NXP recommends users update to version 5.1 or the latest version. Existing licensees will be contacted about the update. Users can also contact NXP directly via email at [email protected] to get additional information as needed.
- For MQX users running Version 4.2 and prior versions, NXP recommends that users obtain a patch or update to Version 5.1, which does not contain the out-of-bounds read vulnerability. Please contact NXP via email at [email protected] to get additional information as needed.
Affected Vendors
NXP Semiconductors
Affected Products (2)
NXP Semiconductors
·
MQX RTOS
<= 4.1
NXP Semiconductors
·
MQX RTOS
<= 5.0
Affected Sectors
Communications, Critical Manufacturing, Healthcare and Public Health, and Transportation
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more