Critical flaws found in embedded TCP/IP stacks may widely affect industrial control devices.
By John Blyler – Cybersecurity experts have found numerous vulnerabilities affecting a TCP/IP network stack commonly used in millions of Operational Technology (OT) devices. In contrast to IT systems – which manage data – OT devices control the physical world, especially in the industrial and manufacturing spaces.
Further, the affected OT devices are manufactured by hundreds of vendors and deployed in manufacturing plants, power generation, water treatment, and infrastructure sectors. For the most part, the OT devices are part of the industrial IoT marketplaces, all of which are highly susceptible to attacks and flaws that result from issues within the TCP/IP network communications architecture.
Since their inception, TCP/IP network protocol stacks have formed the backbone of the Internet. Smaller, tailored versions of the full-up Internet stack were created decades ago for embedded systems later used in connected IIoT devices. The embedded TCP/IP stacks – sometimes called NicheStack – combine applications, transport, network, and physical components.
NicheStack is a closed source IPv4 network layer and application implementation for operating systems. It is one of three available from InterNiche Technologies, Inc., designed for use in embedded systems.
Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack used by many OT vendors. The vulnerabilities, collectively tracked as INFRA:HALT, affect NicheStack and could enable an attacker to achieve remote code execution, denial of service (DoS), information leak, TCP spoofing, and even DNS cache corruption.