NASA F' - Vulnerability Research

We conducted a security scan of NASA's fprime v3.4.3, uncovering critical vulnerabilities. These include Remote Code Execution (RCE), Denial of Service (DoS), and Cross-Site Scripting (XSS). The DoS vulnerability arises from queue overflow, while the XSS issues are present in the fprime-gds GUI. A Man-in-the-Middle attack can exploit the unencrypted communication between the flight software (FSW) and the Ground Data System (GDS), enabling RCE and file manipulation. These vulnerabilities pose significant risks to space mission operations and telemetry processing.

This security research was originally published on the VisionSpace Blog.