Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices

5th August 2021, Kathmandu

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly used TCP/IP stack found in many Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and other critical infrastructure sectors.

The flaws, collectively dubbed “INFRA:HALT,” target NicheStack and could enable an attacker to achieve remote code execution, denial of service, information leaks, TCP spoofing, and even DNS cache poisoning.

NicheStack (aka InterNiche stack) is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity to industrial equipment. It is incorporated by major industrial automation vendors such as Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers (PLCs) and other products.

“Attackers could disrupt a building’s HVAC system or take over the controllers used in manufacturing and other critical infrastructure,” researchers from JFrog and Forescout said in a joint report published today. “Successful attacks may result in taking OT and ICS devices offline and having their logic hijacked. Hijacked devices can spread malware to where they communicate on the network.”

All versions of NicheStack before version 4.3 are vulnerable to INFRA:HALT, with approximately 6,400 OT devices exposed online as of March 2021, most of them located in Canada, the U.S., Spain, Sweden, and Italy.

The list of 14 flaws is as follows:

  • CVE-2020-25928 (CVSS score: 9.8) – An out-of-bounds read/write when parsing DNS responses, resulting in remote code execution
  • CVE-2021-31226 (CVSS score: 9.1) – A heap buffer overflow when parsing HTTP POST requests, resulting in remote code execution
  • CVE-2020-25927 (CVSS score: 8.2) – An out-of-bounds read when parsing DNS responses, resulting in denial of service
  • CVE-2020-25767 (CVSS score: 7.5) – An out-of-bounds read when parsing DNS domain names, resulting in denial of service and information disclosure
  • CVE-2021-31227 (CVSS score: 7.5) – A heap buffer overflow when parsing HTTP POST requests, resulting in denial of service
  • CVE-2021-31400 (CVSS score: 7.5) – An infinite loop in the TCP out-of-band urgent data processing function, causing a denial of service
  • CVE-2021-31401 (CVSS score: 7.5) – An integer overflow in the TCP header processing code
  • CVE-2020-35683 (CVSS score: 7.5) – An out-of-bounds read when parsing ICMP packets, resulting in denial of service
  • CVE-2020-35684 (CVSS score: 7.5) – An out-of-bounds read when parsing TCP packets, resulting in denial of service
  • CVE-2020-35685 (CVSS score: 7.5) – Predictable initial sequence numbers (ISNs) in TCP connections, resulting in TCP spoofing
  • CVE-2021-27565 (CVSS score: 7.5) – A denial-of-service condition upon receiving an unknown HTTP request
  • CVE-2021-36762 (CVSS score: 7.5) – An out-of-bounds read in the TFTP packet processing function, resulting in denial of service
  • CVE-2020-25926 (CVSS score: 4.0) – The DNS client does not set sufficiently random transaction IDs, enabling cache poisoning
  • CVE-2021-31228 (CVSS score: 4.0) – The source port of DNS queries can be predicted, allowing forged DNS response packets to be sent, enabling cache poisoning
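
The DNS entries in the list above (out-of-bounds reads while parsing responses and domain names) share a single root cause: a parser that trusts the length bytes and compression pointers inside a packet it did not originate. The following C function is an added example, not code from NicheStack, HCC Embedded or the researchers' report, showing the checks a DNS name decoder needs so that a malformed reply is rejected instead of read past the end of the buffer or looped over forever. The sample message bytes, the `dns_name_decode` and `decode_into_scratch` names and the pathological inputs are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Bounds-checked DNS name decoder (example code, not taken from NicheStack).
 *
 * Decodes the name that starts at offset `off` of the DNS message `msg`
 * (total length `len`) into `out` as dotted text. Returns the number of
 * wire bytes the name occupies at `off` (the amount a caller must skip to
 * reach the next field), or -1 if the input is malformed. The checks mirror
 * the failure modes an unchecked parser exposes: reading a length byte or
 * label past the end of the message, writing past the output buffer, and
 * following compression pointers in a cycle.
 */
int dns_name_decode(const uint8_t *msg, size_t len, size_t off,
                    char *out, size_t outcap)
{
    size_t pos = off;        /* current read position */
    size_t lowest = off;     /* every pointer must jump strictly before this */
    size_t outlen = 0;
    size_t consumed = 0;     /* wire bytes used at the original position */
    int jumped = 0;
    int hops = 0;

    if (outcap == 0)
        return -1;
    out[0] = '\0';

    for (;;) {
        if (pos >= len)                       /* length byte past end of message */
            return -1;
        uint8_t c = msg[pos];

        if ((c & 0xC0) == 0xC0) {             /* compression pointer (RFC 1035 4.1.4) */
            if (pos + 1 >= len)               /* second pointer byte missing */
                return -1;
            size_t target = ((size_t)(c & 0x3F) << 8) | msg[pos + 1];
            if (!jumped)
                consumed = pos + 2 - off;     /* a pointer ends the name on the wire */
            jumped = 1;
            /* Targets must strictly decrease, so a pointer cycle or a forward
             * pointer is rejected; the hop cap is a second line of defence. */
            if (target >= lowest || ++hops > 16)
                return -1;
            lowest = target;
            pos = target;
            continue;
        }
        if (c & 0xC0)                         /* reserved label types 0x40/0x80 */
            return -1;
        if (c == 0) {                         /* root label terminates the name */
            if (!jumped)
                consumed = pos + 1 - off;
            break;
        }
        if (pos + 1 + c > len)                /* label body runs past the message */
            return -1;
        /* room for an optional '.', the label, and the terminating NUL */
        size_t need = outlen + (outlen ? 1 : 0) + c + 1;
        if (need > outcap || outlen + c > 253) /* 253 is the presentation-form maximum */
            return -1;
        if (outlen)
            out[outlen++] = '.';
        memcpy(out + outlen, msg + pos + 1, c);
        outlen += c;
        pos += 1 + c;
    }
    out[outlen] = '\0';
    return (int)consumed;
}

/* Constructed sample: "com" at offset 0, "example" + pointer to 0 at offset 5,
 * "www" + pointer to 5 at offset 15 (21 bytes in total). */
const uint8_t SAMPLE_MSG[] = {
    3, 'c', 'o', 'm', 0,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0xC0, 0x00,
    3, 'w', 'w', 'w', 0xC0, 0x05
};

/* Constructed pathological input: a label followed by a pointer back to itself. */
const uint8_t LOOP_MSG[] = { 3, 'a', 'b', 'c', 0xC0, 0x00 };

/* Decodes into a shared scratch buffer and returns the consumed-byte count. */
char scratch[256];
int decode_into_scratch(const uint8_t *msg, size_t len, size_t off)
{
    return dns_name_decode(msg, len, off, scratch, sizeof scratch);
}

int main(void)
{
    int n = decode_into_scratch(SAMPLE_MSG, sizeof SAMPLE_MSG, 15);
    printf("offset 15: %s (consumed %d)\n", scratch, n);    /* www.example.com, 6 */
    n = decode_into_scratch(SAMPLE_MSG, 18, 15);            /* message cut short */
    printf("truncated: %d\n", n);                           /* -1 */
    n = decode_into_scratch(LOOP_MSG, sizeof LOOP_MSG, 0);
    printf("pointer loop: %d\n", n);                        /* -1 */
    return 0;
}
```

Every read is compared against `len` before it happens and every write against `outcap`, so a truncated message or an oversized name fails cleanly; requiring pointer targets to decrease on every hop is what turns a potential infinite loop into a parse error.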

The disclosures mark the sixth time security weaknesses have been identified in the protocol stacks that underpin many internet-connected devices. It is also the fourth set of bugs to be uncovered as part of a research initiative called Project Memoria to review the security of widely used TCP/IP stacks that various vendors incorporate in their firmware to supply internet and network connectivity features:

  • URGENT/11
  • Ripple20
  • AMNESIA:33
  • NUMBER:JACK
  • NAME:WRECK

While HCC Embedded, which maintains the C library, has released software patches to address the problems, it could take a substantial time before device vendors using vulnerable versions of the stack ship updated firmware to their customers. “Complete protection against INFRA:HALT requires patching vulnerable devices, which is challenging because of supply chain logistics and the critical nature of OT devices,” the researchers noted.

As mitigations, Forescout has released an open-source script that uses active fingerprinting to detect devices running NicheStack. It is also recommended to enforce segmentation controls and to monitor all network traffic for malicious packets in order to reduce the risk from vulnerable devices.
