Security News > 2021 > August > Vulnerable TCP/IP stack is used by almost 200 device vendors

Vulnerable TCP/IP stack is used by almost 200 device vendors
2021-08-04 12:53

Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. "Other major OT device vendors, such as Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric, were mentioned as customers of InterNiche, the original developers of the stack. Due to this popularity in OT, the most affected industry vertical is Manufacturing," Forescout noted.

"If these vulnerabilities are exploited, bad actors can take control of building automation devices used to control lighting, power, security and fire systems, and programmable logic controllers used to run assembly lines, machines and robotic devices. This can significantly disrupt industrial operations and provide access to IoT devices," the researchers explained.

"Once accessed, the stack becomes a vulnerable entry point to spread infectious malware across IT networks."

The patches are available upon request and device vendors using the stack should provide their own updates to customers, the researchers noted.

Just how many devices out there are using one of the vulnerable stack versions is unknown but, according to an old InterNiche website, the stack is used by almost 200 device vendors, including most of the top industrial automation companies in the world.

Aside from implementing the patches, admins are urged to use network segmentation to mitigate the risk from vulnerable devices, and to monitor all network traffic for malicious packets that try to exploit known vulnerabilities or 0-days.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Fbb0ct1bVwQ/