ICSA-21-119-04 · Published 2022-04-19
Multiple RTOS (Update E)
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.
CVEs (24)
CVE-2021-30636
CVE-2021-27431
CVE-2021-27433
CVE-2021-27435
CVE-2021-27427
CVE-2021-22684
CVE-2021-27439
CVE-2021-27425
CVE-2021-26461
CVE-2020-35198
CVE-2020-28895
CVE-2021-31571
CVE-2021-31572
CVE-2021-27417
CVE-2021-3420
CVE-2021-27421
CVE-2021-22680
CVE-2021-27419
CVE-2021-27429
CVE-2021-22636
CVE-2021-27504
CVE-2021-27502
CVE-2021-27411
CVE-2021-26706
Remediations
- Hitachi Energy GMS600 - See public advisory.
- Hitachi Energy PWC600 - See public advisory.
- Hitachi Energy REB500 - See public advisory.
- Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory.
- Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.
- Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.
- Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.
Affected Vendors
multiple
Affected Products (28)
- BlackBerry QNX SDP: <= 6.5.0 SP1
- TencentOS-tiny: 3.1.0
- Google Cloud IoT Device SDK: 1.0.2
- Texas Instruments SimpleLink-CC26XX: < 4.40.00
- Texas Instruments SimpleLink: MSP432E4XX
- BlackBerry QNX OS for Safety: <= 1.0.1
- BlackBerry QNX OS for Medical: <= 1.1
- ARM CMSIS-RTOS2: < 2.1.3
- Redhat newlib: < 4.0.0
- Apache Nuttx OS: 9.1.0
- eCosCentric eCosPro RTOS: >= 2.0.1 | <= 4.5.3
- RIOT OS: 2020.01.1
- ARM Mbed OS: 6.3.0
- Texas Instruments CC32XX: < 4.40.00.07
- Texas Instruments SimpleLink-CC32XX: < 4.10.03
- Windriver VxWorks: < 7.0
- Amazon FreeRTOS: 10.4.1
- Samsung Tizen RT RTOS: < 3.0.GBB
- NXP MCUXpresso SDK: < 2.8.2
- Cesanta Software Mongoose OS: 2.17.0
- Micrium uC/OS: 1.38.xx | 1.39.00
- Micrium OS: <= 5.10.1
- Texas Instruments SimpleLink-CC13XX: < 4.40.00
- Media Tek LinkIt SDK: < 4.6.1
- Uclibc-NG: < 1.0.36
- Zephyr Project RTOS: < 2.5
- NXP MQX: <= 5.1
- ARM mbed-ualloc: 1.3.0
Affected Sectors
Multiple