Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors
Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology vendors.
The vulnerabilities are collectively tracked as INFRA:HALT. The security holes, discovered by researchers from Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service attacks, information leaks, TCP spoofing, and DNS cache poisoning.
In one theoretical attack scenario described by Forescout and JFrog, an external attacker uses an internet-exposed device running NicheStack to infiltrate the targeted network.
The malicious DNS request contains shellcode that instructs the first device to send a malicious FTP packet to a second device on the network - a programmable logic controller in this example - and cause it to crash.
Forescout's own Device Cloud knowledge base showed over 2,500 devices from 21 vendors.
TCP/IP stacks enable vendors to implement basic network communications for IP-connected systems, including IT, OT and IoT devices.