Security analysts at Forescout
Research and JFrog Security Research have discovered 14 vulnerabilities in
NicheStack, a proprietary TCP/IP stack used in a wide range of operational technology
(OT) devices from more than 200 manufacturers, including most major industrial automation
vendors.
The vulnerabilities — which the researchers have collectively named
Infra:Halt — enable remote code execution attacks, denial-of-service attacks, information
leaks, DNS cache poisoning, and TCP spoofing. While many of the affected devices
are likely to have one or more of the vulnerabilities present in their NicheStack
implementation, few are likely to have all of them at the same time.
Forescout Research and JFrog Security Research discovered the vulnerabilities
in NicheStack as part of a broader investigation into security weaknesses in widely
used TCP/IP stacks, which Forescout Research has been leading over the past year
under an initiative called Project Memoria.
Twelve of the 14 newly disclosed…