
Critical Flaws Affect Embedded TCP/IP Stack Widely Used in Industrial Control Devices


5th August 2021, Kathmandu

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly used TCP/IP stack found in many Operational Technology (OT) devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors.

The flaws, collectively dubbed “INFRA:HALT,” target NicheStack, potentially enabling an attacker to achieve remote code execution, denial of service, information leak, TCP spoofing, and even DNS cache poisoning.

NicheStack (aka InterNiche stack) is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity to industrial equipment and is incorporated by major industrial automation vendors like Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers (PLCs) and other products.

“Assailants could disrupt a building’s HVAC system or surmount the controllers utilized in manufacturing and other critical infrastructure,” researchers from JFrog and Forescout said in a joint report published today. “Prosperous attacks may result in taking OT and ICS contrivances offline and having their logic hijacked. Hijacked contrivances can spread malware to where they convey on the network.”

All versions of NicheStack before version 4.3 are vulnerable to INFRA:HALT, with approximately 6,400 OT devices exposed online and connected to the internet as of March 2021, most of which are located in Canada, the U.S., Spain, Sweden, and Italy.

The list of 14 flaws is as follows

The disclosures mark the sixth time security weaknesses have been identified in the protocol stacks that underpin many internet-connected devices. It’s also the fourth set of bugs to be uncovered as part of a scientific research initiative called Project Memoria to review the security of widely used TCP/IP stacks that various vendors incorporate in their firmware to supply internet and network connectivity features –

While HCC Embedded, which maintains the C library, has released software patches to address the problems, it could take a substantial amount of time before device vendors using vulnerable versions of the stack ship updated firmware to their customers. “Consummate bulwark against INFRA:HALT requires patching vulnerably susceptible contrivances but is challenging thanks to supply chain logistics and therefore the critical nature of OT contrivances,” the researchers noted.

As mitigations, Forescout has released an open-source script that uses active fingerprinting to detect devices running NicheStack. It’s also recommended to enforce segmentation controls and monitor all network traffic for malicious packets to mitigate the risk from vulnerable devices.

