Finding Nucleus TCP/IP assets with accessible FTP services
Researchers at Forescout recently published findings on a new set of 13 vulnerabilities with the Nucleus RTOS TCP/IP stack, collectively referred to as NUCLEUS:13. Originally released in 1993, Nucleus is found in many different types of products, including devices in the medical, automation, and OT spaces. Most of the surfaced vulnerabilities in the Nucleus:13 set received CVSS scores in the high range (and one, via the FTP service, has a critical score of 9.8), with successful exploitation yielding information leaks, denial-of-service, or remote code execution.
While Siemens, owner of Nucleus, has released patched firmware, device vendors will still need to utilize these for their affected product lines and push out their own updates. Forescout suggests some mitigation strategies for affected devices, which you can take to help reduce your Nucleus:13 attack footprint while awaiting patches.
How to find Nucleus TCP/IP devices with runZero
From the Service Inventory, use the following pre-built query to locate Nucleus TCP/IP assets with accessible FTP services in your network:
_asset.protocol:ftp and protocol:ftp and banner:nucleus
As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.
Get runZero for free
Don’t have runZero and need help finding assets potentially vulnerable to NUCLEUS:13?Get started
February 15, 2023
Finding OpenSSH servers
The OpenSSH team surfaced a security issue earlier this month that specifically affects OpenSSH server version 9.1p1 (a.k.a. version 9.1). This version contains a memory double-free vulnerability (tracked as CVE-2023-25136) that can be reached pre-authentication by a remote …Read More
February 8, 2023
Finding VMware ESXi assets
This Rapid Response post covers ESXiArgs, a new strain of ransomware that is targeting VMware ESXi servers. Learn how you can find potentially affected servers on your network.
February 3, 2023
Finding Lexmark printer assets
Printer manufacturer Lexmark recently published details on a vulnerability that affects over 100 of their printer models. Learn how runZero can help you find potentially affected assets.