Critical Vulnerabilities Found in Custom TCP/IP Stack
#1
https://news.softpedia.com/news/critical...3662.shtml     
Critical Vulnerabilities Found in Custom TCP/IP Stack
New NicheStack Critical Security Flaws Have Been Discovered
Aug 4, 2021 14:21 GMT  ·  By George Dascalu

Security researchers at Forescout recently published a study revealing 14 critical vulnerabilities in a TCP/IP stack widely used across millions of Operational Technology (OT) devices from 200 manufacturers, according to The Hacker News.

OT devices are primarily used in areas such as critical infrastructure, water treatment, power generation, and manufacturing plants. The custom TCP/IP stack is found in OT devices used by major vendors such as Emerson, Honeywell, Rockwell Automation, Siemens, Mitsubishi Electric, and Schneider Electric, for industrial automation equipment.

The custom closed-source TCP/IP stack, developed for embedded systems to enable Internet access, is called NicheStack, or the InterNiche stack, and the set of flaws is named INFRA:HALT. The issues may allow a threat actor to achieve remote code execution, TCP spoofing, data leaks, DNS cache poisoning, and denial of service.

All versions of NicheStack before version 4.3 are vulnerable to INFRA:HALT, with about 6,400 Operational Technology devices connected to the Internet. This figure includes all OT devices worldwide, most of which are located in Italy, Sweden, Spain, Canada, and the United States.

The cybersecurity experts discovered the 14 vulnerabilities listed below:

    CVE-2021-31226 - Remote code execution through a heap buffer overflow vulnerability in HTTP POST requests, with a CVSS score of 9.1
    CVE-2020-25767 - An out-of-bounds read when processing DNS domain names, causing denial of service and information exposure, with a CVSS score of 7.5
    CVE-2021-31400 - An infinite loop scenario in TCP out-of-bounds urgent data processing, leading to denial of service, with a CVSS score of 7.5 
    CVE-2020-35683 - An out-of-bounds read when parsing ICMP packets, leading to a denial of service, with a CVSS score of 7.5 
    CVE-2020-35685 - ISNs in TCP connections leading to TCP spoofing, with a CVSS score of 7.5 
    CVE-2021-36762 - A vulnerability in the TFTP packet processing function that results in a denial of service, with a CVSS score of 7.5 
    CVE-2021-31228 - The source port of DNS requests can deliver spoofed DNS response packets, causing cache poisoning, with a CVSS score of 4.0
    CVE-2020-25926 - Insufficiently random transaction IDs cause cache poisoning in the DNS client, with a CVSS score of 4.0
    CVE-2021-27565 - A denial of service condition when receiving an unknown HTTP request, with a CVSS score of 7.5 
    CVE-2020-35684 - An out-of-bounds read when parsing TCP packets, leading to denial of service, with a CVSS score of 7.5 
    CVE-2021-31401 - An integer overflow in TCP header processing code, with a CVSS score of 7.5 
    CVE-2021-31227 - A heap buffer overflow when parsing HTTP POST requests, leading to a denial of service, with a CVSS score of 7.5
    CVE-2020-25927 - An out-of-bounds read when processing DNS responses, leading to a denial of service, with a CVSS score of 8.2 
    CVE-2020-25928 - Remote code execution through out-of-bounds read/write when parsing DNS answers, with a CVSS score of 9.8

Recent vulnerabilities in Internet protocol stacks have been uncovered for the sixth time. Another set of bugs has also been discovered through Project Memoria, a research study that seeks to uncover security vulnerabilities in commonly used TCP/IP stacks found in the firmware of various manufacturers' devices.