"Security Researchers Warn of TCP/IP Stack Flaws in Operational Technology Devices"
Cybersecurity researchers at Forescout Research Labs and JFrog Security Research have disclosed a set of 14 security vulnerabilities dubbed INFRA:HALT. These vulnerabilities were discovered in TCP/IP stacks commonly used in industrial infrastructure. The researchers warn that the flaws could enable remote code execution as well as lead to denial-of-service attacks and information leaks. The vulnerabilities impact the NicheStack TCP/IP stack found in operational technology (OT) systems used in critical infrastructure. Some of the vulnerabilities are over 20 years old. According to Forescout, the vulnerabilities are related to the processing of malformed packets, which can allow attackers to send instructions to read from or write to parts of memory. This could lead to a device crash, network disruption, and device takeover. The TCP/IP stack flaws impact all versions of NicheStack before version 4.3, including NicheLite. The full extent of vulnerable OT devices is unknown. However, the researchers were able to identify more than 6,400 vulnerable devices by using the Internet of Things search engine Shodan. The vulnerabilities have been disclosed to HCC Embedded, which acquired NicheStack in 2016. Forescout and JFrog Security Research also contacted coordination agencies, including the CERT Coordination Center, BSI (the German Federal Cyber Security Authority), and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), about the vulnerabilities. Forescout released an open-source script to detect devices running NicheStack and to help protect them. This article continues to discuss the discovery, disclosure, source, potential exploitation, and impact of the INFRA:HALT security vulnerabilities, along with recommendations for protecting OT from cyberattacks.
ZDNet reports "Security Researchers Warn of TCP/IP Stack Flaws in Operational Technology Devices"