Today, security researchers from Forescout and JFrog announced 14 vulnerabilities in NicheStack referred to INFRA:HALT, a popular TCP/IP library used in industrial equipment and Operational Technology (OT) devices manufactured by over 200 vendors.
NicheStack (also known as InterNiche stack) is a proprietary TCP/IP stack developed by InterNiche Technologies and acquired by HCC Embedded in 2016.
Several devices in the Operational Technology (OT) and critical infrastructure space, including the popular Siemens S7 range of PLCs, use NicheStack.
“The new vulnerabilities allow for Remote Code Execution, Denial of Service, Information Leak, TCP Spoofing, or DNS Cache Poisoning.” states the report. “Forescout Research Labs and JFrog Security Research exploited two of the Remote Code Execution vulnerabilities in their lab and show the potential effects of a successful attack.”
A threat actor with access to an organization’s OT network could take advantage of the weakness.
The following is a list of vulnerabilities found by the experts:
“INFRA:HALT confirms earlier findings of Project Memoria, namely similar vulnerabilities appearing in different implementations, both open and closed source. In fact, INFRA:HALT includes examples of memory corruption like in
AMNESIA:33, weak ISN generation like in NUMBER:JACK and DNS vulnerabilities like in NAME:WRECK” continues the report.
The experts also provided an estimate of the INFRA:HALT vulnerabilities’ impact, which was based on the following sources:
InterNiche’s primary customers, which total over 200 device suppliers, are listed on a legacy website.
Shodan In March, roughly 6,400 OT devices were connected to the internet, according to queries. “Experts discovered almost 6,400 instances of devices running NicheStack (using the simple keyword “InterNiche”),” according to the report. The vast majority of the devices (6360) run an HTTP server (search for “InterNiche Technologies Webserver”), while the rest ran largely FTP (“Welcome to InterNiche embFtp server”), SSH (“SSH2.0-InternicheSSHServer (c)InterNiche”), or Telnet (“Welcome to InterNiche Telnet Server”) servers.”
Forescout Device Clout. Forescout Device Cloud is a database that contains data from more than 13 million devices that are monitored by Forescout appliances. Experts discovered over 2,500 device cases from 21 different vendors.
To resolve the INFRA:HALT concerns, HCC Embedded has provided firmware fixes.
The researchers also released Forescout’s Project Amnesia scanner, which allows businesses to see if the gadgets they use are vulnerable to these flaws.
You might also like:
Google Chrome won’t show secure website indicators: Report
DarkSide ransomware gang is back as BlackMatter operation
PwnedPiper flaws in PTS systems affect major US hospitals
Industrial Control Systems, INFRA:HALT, TCP/IP, Computer Security, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyberattack, cyberattacks, cybercrime, cybercriminals, cybersafe news, cybersecurity, cybersecurity news, cybersecurity news now, cybersecurity news today, cyberupdates, dark web, data breach, Data leak, Google Chrome security warnings, hacker news, hacking news, infosec news, latest cybersecurity news today, Malware, ransomware, recent ransomware attacks, Security, tech news, tech updates, Technology, Vulnerability, Web Security