Cisco Talos Blog: Eclipse and STMicroelectronics vulnerabilities

Source URL: https://blog.talosintelligence.com/eclipse-and-stmicroelectronics-vulnerabilities/
Source: Cisco Talos Blog
Title: Eclipse and STMicroelectronics vulnerabilities

Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.

AI Summary and Description: Yes

Summary: The text outlines vulnerabilities discovered in embedded systems, specifically focusing on Eclipse ThreadX and STMicroelectronics. These vulnerabilities include denial-of-service (DoS) and buffer overflow issues, which have implications for device security in IoT applications. The vulnerabilities have been addressed by the respective vendors, underscoring the importance of third-party vulnerability disclosure practices.

Detailed Description:
The text describes several vulnerabilities in widely used embedded-systems software. They were identified by Cisco Talos and break down as follows:

– **Eclipse ThreadX Vulnerabilities:**
  – *Total Vulnerabilities:* Three advisories (TALOS-2024-2098, -2104 and -2105, covering five CVEs) were disclosed for Eclipse ThreadX, a real-time operating system for resource-constrained devices.
  – **Vulnerability Details:**
    – **CVE-2025-0726 (TALOS-2024-2098):** Denial-of-service vulnerability in the NetX HTTP server, triggerable with specially crafted network packets.
    – **CVE-2025-0727 and CVE-2025-2259 (TALOS-2024-2104):** Integer underflow vulnerabilities in the HTTP server’s handling of PUT requests, also leading to denial of service.
    – **CVE-2025-0728 and CVE-2025-2258 (TALOS-2024-2105):** Similar integer underflow vulnerabilities in the HTTP server that cause a denial of service when triggered by malicious packets.

– **STMicroelectronics Vulnerabilities:**
  – *Total Vulnerabilities:* Four advisories (TALOS-2024-2096, -2097, -2102 and -2103, covering seven CVEs) were disclosed for STMicroelectronics, a major semiconductor manufacturer.
  – **Vulnerability Details:**
    – **CVE-2024-45064 (TALOS-2024-2096):** A buffer overflow vulnerability in the FileX RAM interface that could lead to code execution if exploited.
    – **CVE-2024-50384 and CVE-2024-50385 (TALOS-2024-2097):** Denial-of-service vulnerabilities in the NetX Component HTTP server.
    – **CVE-2024-50594 and CVE-2024-50595 (TALOS-2024-2102):** Integer underflow vulnerabilities leading to denial of service, triggered by a crafted series of network packets.
    – **CVE-2024-50596 and CVE-2024-50597 (TALOS-2024-2103):** Additional denial-of-service vulnerabilities triggered by malicious packet sequences.
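The integer-underflow class named above for both vendors (TALOS-2024-2104/2105 in Eclipse ThreadX and TALOS-2024-2102/2103 in the STMicroelectronics packages), as a constructed C example added here. It is not code from the Talos post, Eclipse ThreadX, NetX or STMicroelectronics; the `put_state_t` struct, the 64-byte buffer and the function names are hypothetical. It models a PUT body accumulator that subtracts bytes received from Content-Length without first checking that received does not exceed it, beside a hardened version that rejects over-delivery before subtracting.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of an integer-underflow bug in HTTP PUT body
   bookkeeping. NOT the NetX HTTP server code; names and sizes are hypothetical. */

#define BODY_BUF_SIZE 64u

typedef enum { PUT_NEED_MORE, PUT_COMPLETE, PUT_REJECTED } put_status_t;

typedef struct {
    uint32_t content_length;        /* value of the Content-Length header */
    uint32_t received;              /* body bytes consumed so far */
    uint8_t  body[BODY_BUF_SIZE];   /* reassembled request body */
} put_state_t;

static void put_init(put_state_t *st, uint32_t content_length) {
    memset(st, 0, sizeof *st);
    st->content_length = content_length;
}

/* Bytes the server still expects, computed the unsafe way: once the peer has
   delivered more than Content-Length, the unsigned subtraction wraps to a
   value near UINT32_MAX instead of signalling an error. */
static uint32_t remaining_vulnerable(const put_state_t *st) {
    return st->content_length - st->received;
}

/* Vulnerable feed: counts every byte the peer sends, then asks
   remaining_vulnerable() whether the body is complete. One over-long chunk
   makes "remaining" wrap, so the request never completes and the connection
   and its buffer stay allocated: a denial of service. (The copy is clamped to
   the buffer so this demo itself stays memory-safe.) */
static put_status_t put_feed_vulnerable(put_state_t *st,
                                        const uint8_t *chunk, uint32_t len) {
    uint32_t off  = st->received < BODY_BUF_SIZE ? st->received : BODY_BUF_SIZE;
    uint32_t room = BODY_BUF_SIZE - off;
    uint32_t n    = len < room ? len : room;
    memcpy(st->body + off, chunk, n);
    st->received += len;
    return remaining_vulnerable(st) == 0 ? PUT_COMPLETE : PUT_NEED_MORE;
}

/* Hardened feed: validate ordering before subtracting, reject chunks that
   exceed what the peer declared, and never trust Content-Length to fit the
   buffer. Every failure closes the request instead of waiting forever. */
static put_status_t put_feed_safe(put_state_t *st,
                                  const uint8_t *chunk, uint32_t len) {
    if (st->content_length > BODY_BUF_SIZE) return PUT_REJECTED; /* body too large */
    if (st->received > st->content_length)  return PUT_REJECTED; /* fail closed */
    uint32_t remaining = st->content_length - st->received;      /* cannot wrap now */
    if (len > remaining)                    return PUT_REJECTED; /* over-delivery */
    memcpy(st->body + st->received, chunk, len);   /* received + len <= BODY_BUF_SIZE */
    st->received += len;
    return st->received == st->content_length ? PUT_COMPLETE : PUT_NEED_MORE;
}

int main(void) {
    /* Constructed input: Content-Length: 10, but the peer sends two 8-byte chunks. */
    uint8_t chunk[8];
    memset(chunk, 'A', sizeof chunk);
    put_state_t st;

    put_init(&st, 10);
    put_feed_vulnerable(&st, chunk, 8);
    put_status_t v = put_feed_vulnerable(&st, chunk, 8);
    printf("vulnerable: status=%d remaining=%u (wrapped, never completes)\n",
           (int)v, remaining_vulnerable(&st));

    put_init(&st, 10);
    put_feed_safe(&st, chunk, 8);
    put_status_t s = put_feed_safe(&st, chunk, 8);
    printf("safe: status=%d (%d == PUT_REJECTED)\n", (int)s, (int)PUT_REJECTED);
    return 0;
}
```

Against a declared length of 10 and 16 delivered bytes, the vulnerable accumulator reports 4294967290 outstanding bytes and keeps waiting, while the hardened one rejects the second chunk. The general rule this demonstrates: any `a - b` on unsigned lengths needs `b <= a` established first, and a peer-controlled counter must never be allowed to run past the value the peer itself declared.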

– **Vendor Response:**
– All of the mentioned vulnerabilities have been patched by the respective vendors, in accordance with Cisco’s third-party vulnerability disclosure policy.
– Snort rule sets are available for detecting attempts to exploit these vulnerabilities, which gives operators network-level detection while device updates are rolled out.

– **Implications for Security Professionals:**
– Highlights the need for ongoing vulnerability assessment and patching of IoT and embedded systems.
– Security teams should check whether their devices embed Eclipse ThreadX or the affected STMicroelectronics components, monitor for the listed CVEs, and apply vendor updates promptly.
– Most of these issues sit in network-facing components (the HTTP servers) that parse untrusted input, so they are reachable by anyone who can send packets to the device.

Overall, the identified vulnerabilities pose risks to the affected devices and illustrate a broader trend: as IoT deployments grow, the security of the embedded operating systems and middleware they rely on matters more.