INFRA:HALT: A New Stack of Vulnerabilities That Affect Millions of OT Devices

More deets on INFRA:HALT

• In a joint report, JFrog and Forescout found that INFRA:HALT affects a NicheStack aka InterNiche TCP/IP stack that is designed to provide internet connectivity to industrial equipment.
• The exploitation of these flaws can enable attackers to achieve remote code executive, denial of service, information leak, TCP spoofing, and even DNS cache poisoning. 
• The flaws affect all versions prior to 4.3 of NicheStack.
• The affected vendors include Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric. 

List of 14 flaws

• The flaws are tracked as CVE-2020-25928,  CVE-2021-31226, CVE-2020-25767, CVE-2020-25927, CVE-2021-31227, CVE-2021-31400, CVE-2020-35683, CVE-2020-35684, CVE-2020-35685, CVE-2021-27565, CVE-2021-36762, CVE-2020-25926, and CVE-2021-31228.
• To exploit these flaws, a threat actor would first need to gain access to the internal network of the company’s OT section. 
• Around 6,400 devices connected to the internet as of March 2021, have been found to be vulnerable to the INFRA:HALT vulnerability.

Worth noting

• This is the sixth severe security weakness that has been identified in the protocol stacks used by millions of internet-connected devices.
• The previously discovered flaws are URGENT/11, Ripple20, AMNESIA:33, NUMBER:JACK, and NAME:WRECK. 

Mitigations recommended