Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors
2021-08-04 10:18

Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology vendors.

The vulnerabilities are collectively tracked as INFRA:HALT. The security holes, discovered by researchers from Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service attacks, information leaks, TCP spoofing, and DNS cache poisoning.

In one theoretical attack scenario described by Forescout and JFrog, an external attacker uses an internet-exposed device running NicheStack to infiltrate the targeted network.

The malicious DNS request contains shellcode that instructs the first device to send a malicious FTP packet to a second device on the network - a programmable logic controller in this example - and cause it to crash.

Forescout's own Device Cloud knowledge base showed over 2,500 devices from 21 vendors.

TCP/IP stacks enable vendors to implement basic network communications for IP-connected systems, including IT, OT and IoT devices.


News URL

http://feedproxy.google.com/~r/securityweek/~3/vmwZfgrebwo/vulnerabilities-nichestack-tcpip-stack-affect-many-ot-device-vendors