Security researchers have uncovered serious vulnerabilities in the TCP/IP stack of a real-time operating system (RTOS) called Nucleus that’s used in safety-critical devices across many industry verticals. The flaws, discovered by researchers from Forescout and Medigate Labs, can lead to denial of service (DoS), information leaks and remote code execution (RCE). Collectively dubbed NUCLEUS:13, they are part of Forescout’s year-long Project Memoria that analyzed 14 different TCP/IP stacks used in embedded systems.
