February 1, 2018

ICS-CERT has updated this advisory with additional details about mitigating the vulnerability. ICS-CERT.

October 17, 2017

ICS-CERT has released an advisory on a NXP Semiconductors MQX RTOS vulnerability. Versions prior to Version 5.0  are suspectible to a classic buffer overflow vulnerability, and versions prior to Version 4.1 are susceptible to an out-of-bounds read vulnerability. NXP is planning to release a product fix for MQX, Version 5.1, by January 2018, which will address both vulnerabilities. Until the product fix can be applied, NXP recommends that users consider implementing interim mitigations to limit the risk of exploitation of the identified vulnerabilities. ICS-CERT.