Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices
Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly used TCP/IP stack found in millions of Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors.
NicheStack is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity to industrial equipment, and is incorporated by major industrial automation vendors like Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers and other products.
"Successful attacks can result in taking OT and ICS devices offline and having their logic hijacked. Hijacked devices can spread malware to where they communicate on the network."
CVE-2020-35684 - An out-of-bounds read when parsing TCP packets, leading to denial-of-service.
CVE-2020-35685 - Predictable initial sequence numbers in TCP connections, leading to TCP spoofing.
"Complete protection against INFRA:HALT requires patching vulnerable devices but is challenging due to supply chain logistics and the critical nature of OT devices," the researchers said.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-19 | CVE-2020-35685 | Use of Insufficiently Random Values vulnerability in multiple products. An issue was discovered in HCC Nichestack 3.0. | 9.1 |
2021-08-19 | CVE-2020-35684 | Improper Input Validation vulnerability in multiple products. An issue was discovered in HCC Nichestack 3.0. | 7.5 |