
INFRA:HALT: A New Stack of Vulnerabilities That Affect Millions of OT Devices

Millions of Operational Technology (OT) devices manufactured by over 200 vendors are at risk of cyberattacks following the discovery of 14 new vulnerabilities. Collectively called INFRA:HALT, these vulnerabilities affect devices used across manufacturing plants, power generation, water treatment, and other critical infrastructure organizations. 

More deets on INFRA:HALT

  • In a joint report, JFrog and Forescout found that INFRA:HALT affects NicheStack (also known as InterNiche), a TCP/IP stack designed to provide internet connectivity to industrial equipment.
  • Exploitation of these flaws can enable attackers to achieve remote code execution, denial of service, information leak, TCP spoofing, and even DNS cache poisoning.
  • The flaws affect all versions prior to 4.3 of NicheStack.
  • The affected vendors include Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric. 

List of 14 flaws

  • The flaws are tracked as CVE-2020-25928, CVE-2021-31226, CVE-2020-25767, CVE-2020-25927, CVE-2021-31227, CVE-2021-31400, CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-27565, CVE-2021-36762, CVE-2020-25926, and CVE-2021-31228.
  • To exploit these flaws, a threat actor would first need to gain access to the internal network of the company’s OT section. 
  • As of March 2021, around 6,400 devices connected to the internet have been found to be vulnerable to the INFRA:HALT vulnerabilities.

Worth noting

  • This is the sixth severe security weakness that has been identified in the protocol stacks used by millions of internet-connected devices.
  • The previously discovered flaws are URGENT/11, Ripple20, AMNESIA:33, NUMBER:JACK, and NAME:WRECK. 
 

Mitigations recommended 

While HCC Embedded, which maintains the C library, has addressed the issues by releasing software patches, it can take a considerable amount of time before device vendors using the vulnerable firmware get an updated version of the NicheStack.

To help mitigate these vulnerabilities, Forescout has released an open-source script that detects devices running a vulnerable NicheStack. It has also advised enforcing segmentation controls and monitoring traffic for malicious packets to reduce the risk.

Cyware Publisher