INFRA:HALT security bugs impact critical industrial control devices
The stack is commonly found on real-time operating systems powering operational technology and industrial control system devices to provide internet and network functionality.
The bugs affect the DNS client and the HTTP server components of the stack, allowing a remote attacker to execute code on a vulnerable device and take full control of it.
When Device 1 attempts to parse the DNS response, its logic is hijacked and the attacker gets remote control over it.
The device is instructed to establish a TCP connection with Device 2, the internal PLC connected to the HVAC, and to send a malicious FTP packet that exploits a 0-day in this PLC. The PLC crashes, forcing the fan control to stop working.
A search on Shodan on March 8 revealed more than 6,400 devices running a vulnerable version of the stack.
Looking at data collected from its appliances monitoring more than 13 million customer devices, Forescout found 2,500 systems from 21 vendors to be vulnerable to INFRA:HALT. Almost half of these devices were deployed in industrial control systems in the Energy and Power sector.