IP stacks open millions of IoT and OT devices to attack

2020-12-09 05:30

Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP stacks used in millions of connected devices worldwide.

The vulnerable open source TCP/IP stacks are PicoTCP, FNET, Nut/Net and uIP. The vulnerabilities have been found in seven different stack components: DNS, IPv6, IPv4, TCP, ICMP, LLMNR and mDNS. "The AMNESIA:33 vulnerabilities can be found in products that range from embedded components to consumer IoT, and from networking and office equipment to OT," the researchers explained.

Many IoT devices don't come with a Software Bill of Materials and finding out which OS, firmware, or TCP/IP stack each device uses will be a time-consuming exercise.

Forescout researchers recommends companies to adopt solutions that provide granular device visibility, allow the monitoring of network communications and isolate vulnerable devices or network segments to manage the risk posed by these vulnerabilities.

In June 2020, JSOF researchers disclosed 20 vulnerabilities in the Treck TCP/IP library, used in hundreds of millions of IoT and OT devices.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/9p87F490J5I/

#attack #IOT