Researchers from the security teams at Forescout and JFrog today disclosed 14 vulnerabilities that impact NicheStack, a popular TCP/IP library commonly used in industrial equipment and Operational Technology (OT) devices manufactured by more than 200 vendors.
NicheStack (aka InterNiche stack) is a proprietary TCP/IP stack originally developed by InterNiche Technologies and acquired by HCC Embedded in 2016.
NicheStack is used by several devices in the Operational Technology (OT) and critical infrastructure space, such as the popular Siemens S7 line of PLCs.
“The new vulnerabilities allow for Remote Code Execution, Denial of Service, Information Leak, TCP Spoofing, or DNS Cache Poisoning.” states the report. “Forescout Research Labs and JFrog Security Research exploited two of the Remote Code Execution vulnerabilities in their lab and show the potential effects of a successful
The flaw could be exploited by a threat actor that has gained access to the OT network of an organization.
Below is the list of vulnerabilities discovered by the experts:
“INFRA:HALT confirms earlier findings of Project Memoria, namely similar vulnerabilities appearing in different implementations, both open and closed source. In fact, INFRA:HALT includes examples of memory corruption like in AMNESIA:33, weak ISN generation like in NUMBER:JACK and DNS vulnerabilities like in NAME:WRECK” continues the report.
The experts also provided an estimate of the impact of the INFRA:HALT vulnerabilities; the analysis was based on the following sources:
HCC Embedded has released firmware patches to address the INFRA:HALT issues.
The researchers also released Forescout’s Project Amnesia scanner to allow organizations to determine if the devices they are using are affected by these vulnerabilities.
(SecurityAffairs – hacking, OT)